Facebook Attack Spreading both Windows AND Mac malware

[Jack]

There's a significant Facebook malware attack occurring at the moment.

The attack is spreading virally using Facebook's "Like" feature — a method well established by rogue Cost Per Action (CPA) marketing affiliates. But unlike CPA spam that redirects to deceptive ads, this "viral video" is linking to a Lithuanian server that serves up Windows and/or Mac malware.

This is the first time we've seen malware using "viral links". (Stuff such as Koobface uses phishing and compromised accounts.)

The bait uses the following subject lines: "oh #####, one more really freaky video O_O" and "IMF boss Dominique Strauss-Kahn Exclusive Rape Video - Black lady under attack!" and points to a subdomain on "newtubes.in".

An Openbook search shows numerous examples of folks that have been exposed.

Here's an example of Facebook's search results:
[attachment=353]
When testing the link from Germany, Finland, France, India and Malaysia, we were safely redirected to youtube.com. Testing from the USA and UK offered up Mac scareware or Windows malware depending on our browser user agent IDs.

The attack is GEO-IP as well as OS aware.

More details - link

 

[Dejan]

I'm not surprised that more malware is being created for Macs now, it's apparently the new trend in the malware authors community. Apple better start taking this seriously before it's too late.

 

[Vextor]

Malware is starting to go out of control. Anti-Virus Companies hear the cash till ringing!

 

[MrXidus]

Couldn't agree more with endejan and bbbbwebs post took the words right out of my mouth.
I already know this would have hit many un-suspecting users I only hope they had a working and up to date AV with them.
Apple has bigger trouble heading there way.