⬆️ ⬇️

Facebook Worm - “Make Me Laugh Now”

No matter how experienced and paranoid a person is, anyway, a certain confidence is generated in services that have never had problems, spam and other troubles. Today I received a notification about a new post on Facebook:



image



Harmless like, from a man experienced and, so to speak, reliable. I didn’t notice a dirty trick (link to apps.facebook.com, there were no suspicions at all), I didn’t really read the message, well, I opened the link. Apparently he thought so too when he got it. In general, as it turned out, this is a new Internet worm, and it acts from the inside (!) As an application . It is clear that you need to be vigilant, apparently those who minus the post want to convey this to me, but here the case seems to be unique, since the application does not require any additional action by the user, and, as it turned out, is very massive.

')

If you received such a letter - do not go to the application page!

Open the link and instantly become a peddler of infection.



UPD Chervo application removed from the apps.

I wonder how they will comment on Facebook, and whether they will comment at all.



UPD2 Detailed analysis of the worm (eng): blog.kotowicz.net/2010/08/makemelaughnow-analysis-of-new.html

Quite curious, I recommend to read. If someone makes a translation, it will be generally gorgeous .

And here translation came in time from miguello .



In short, the application used the mobile version of touch.facebook.com loopholes , avoiding the protection of the sandbox. I quote: "The lesson to be learned - do not forget about the mobile versions of your sites . "



I will quote the post on facebookapps.ru :

The user is not required to confirm access to the application, everything is done automatically, but during the debriefing I noticed the following information:



image



In fact, the attackers calculated a host from which it is possible to transfer any information to any users of the social network FB . It seems to me that at the moment it is not a particularly dangerous worm, but later its clones will appear which will be able to transmit viruses and links to other potentially dangerous sites.


Of course, this bug will be fixed if it has not already been covered up, although I still see outraged messages on Twitter and Facebook itself, but the sediment will remain and the former trust in the PB has been lost.

Source: https://habr.com/ru/post/103036/



All Articles