[personal profile] terriko
A couple of my friends have gotten hit with stuff that's hijacking their accounts as a way to send spam to Facebook. The latest one sent something about www,ArticleBooks,cn which looks like a standard scam (although if I were you, I wouldn't load that -- I'm just putting it here in case someone searches for it).

As a web security researcher, I'd like to offer some advice. The safest advice would probably be either "don't use any Facebook apps" or "don't use Facebook" but we all know you're not going to do that just because someone sent spam in your name.

So here's a few more reasonable tips that might keep you and your friends spam-free:

1. The problem probably won't be caught by your virus scanner. Do a scan -- it won't hurt -- but if it comes up negative don't assume you're safe.

2. My personal bet is that the Facebook stuff is caused by a rogue app. Uninstall ALL applications you are not using to be safer. This may be a legitimate application which was hijacked, so you're safest uninstalling as much as possible.

3. Do NOT install any applications used by friends who have sent spam messages. Especially if you get a message like "$infected_friend has sent you a gift!" or something: these are common ways for Facebook "viruses" to spread.

4. Consider installing an ad-blocker. Advertisements could also have been used to hijack your Facebook. I highly recommend you use AdBlock Plus on Mozilla Firefox, as some other ad blocking software is sketchy.

5. They may not have stolen your password, but it can't hurt to change your password after you have uninstalled all your apps.

6. If you were hit on Twitter, or even Facebook, it could also be some site you visited that hijacked your browser. Check your history and try to warn others if you figure out which site it was!

Date: November 30th, 2009 07:54 am (UTC)
From: [personal profile] hypatia
Got a couple of addenda:

2) That may be the case for db (though I've seen a lot of phishing too), but the Twitter stuff seems to mostly be phishing, as Twitter's closed up the XSS and CSRF holes that were making them swiss cheese a few months ago.

5) On Twitter, change your password /and/ check http://twitter.com/account/connections for rogue apps.

And more generally, if you get your password phished, change it on the site you got phished for /and/ anywhere else you use that password. Also, don't reuse passwords; use a password management app (a girl can dream, right?). I personally use Password Safe and Password Gorilla (they read the same file format); KeePass / KeePassX is a great one as well. Both are free and open source and cross-platform (except PS, which is Windows-only).

Date: November 30th, 2009 07:54 am (UTC)
From: [personal profile] hypatia
Ironically, NoScript caught a potential XSS when I tried to comment on this post. lol!
