November 24, 2009

Facebook worm spreading havoc

Israeli security researcher Gadi Evron and AVG researcher Nick Fitzgerald are reporting that a new worm is spreading on Facebook. The worm propagates through the social network using a rather suggestive picture of a woman, accompanied by a button that says, “Click da’ button, baby!”

Once a Facebook user clicks the button, they are sent to a reported attack website that automatically updates the victim's wall with the malicious link. Evron first stumbled upon the worm after he became a victim himself.

Evron went on to explain that a friend of his, Nick Fitzgerald, helped him analyze how the worm works.

"This worm uses what is technically known as a CSRF (Cross-site Request Forgery, also called XSRF) attack. A sequence of iframes on the exploit page call a sequence of other pages and scripts, eventually resulting in a form submission to Facebook "as if" the victim had submitted a URL for a wall post and clicked on the "Share" button to confirm the post."
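Read from the defender's side, the mechanism quoted above works because the browser attaches the victim's session cookie to a form submission that a third-party page triggered, so the cookie alone cannot prove intent. The following is an added example, not code from the post or from Facebook, sketching the two standard countermeasures (a per-session synchronizer token compared in constant time, and an Origin/Referer check) on a hypothetical wall-post handler; SITE_ORIGIN, handle_wall_post and the request values are constructed for illustration.

```python
import hmac
import secrets
from urllib.parse import urlparse

# Hypothetical origin of the social site; constructed for this example.
SITE_ORIGIN = "https://social.example"

def issue_csrf_token(session: dict) -> str:
    """Synchronizer token: generated per session and embedded in the Share form.
    A page on another origin cannot read it, so its forged form cannot include it."""
    token = secrets.token_urlsafe(32)
    session["csrf_token"] = token
    return token

def origin_allowed(headers: dict) -> bool:
    """Second layer: a form submitted from a third-party page carries that
    page's Origin (or Referer), not ours. Missing headers are treated as foreign."""
    src = headers.get("Origin") or headers.get("Referer")
    if not src:
        return False
    p = urlparse(src)
    return f"{p.scheme}://{p.netloc}" == SITE_ORIGIN

def handle_wall_post(session: dict, headers: dict, form: dict):
    """Hypothetical wall-post handler. Returns (status, message).
    The session dict stands in for what the cookie identifies server-side."""
    expected = session.get("csrf_token", "")
    supplied = form.get("csrf_token", "")
    # Constant-time comparison so the token check leaks no timing information.
    if not expected or not hmac.compare_digest(expected.encode(), supplied.encode()):
        return 403, "missing or invalid CSRF token"
    if not origin_allowed(headers):
        return 403, "cross-origin submission rejected"
    session.setdefault("wall", []).append(form.get("url", ""))
    return 200, "posted"

if __name__ == "__main__":
    session = {"user": "victim"}
    token = issue_csrf_token(session)
    # Constructed request from the site's own Share form: accepted.
    print(handle_wall_post(session, {"Origin": SITE_ORIGIN},
                           {"url": "https://social.example/photo/1", "csrf_token": token}))
    # Constructed request from a hidden form on another origin: no token, foreign Origin.
    print(handle_wall_post(session, {"Origin": "https://other.example"},
                           {"url": "https://other.example/lure"}))
```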

DarkReading Via [TechTarget]
