Recently, security researchers identified a new malware campaign, which targets Facebook users.
(prHWY.com) April 15, 2011 - Albuquerque, NM, United States - Recently, security researchers at Internet security firm Sophos identified a new malware campaign, which targets Facebook users. Attackers are purportedly sending e-mails that appear to come from Facebook. The e-mail includes a well-crafted message, which advises the recipients to download a PDF attachment containing a new password for their Facebook account, claiming that the currently used password is not safe. The malicious e-mail comes with different subject lines such as "your password has been changed", "the new password to your account" and "personal data has been changed". Each subject line is preceded by the word "Facebook" or "Facebook Support" and followed by an ID number. The e-mails are not personalized. According to security researchers at Sophos, the e-mails claim to arrive from firstname.lastname@example.org, email@example.com or firstname.lastname@example.org.
Users must be wary of such e-mails, as companies are unlikely to change passwords on their own and will not send a PDF attachment. Further, genuine e-mails are more likely to be personalized. Attackers may spoof e-mails or change the header to make the user believe that the e-mails are arriving from a legitimate source. Users can directly visit the legitimate website and check whether they are able to log on with their existing passwords. Users may report such fraudulent e-mails to the targeted company and security response teams.
Recipients who download the attachment may inadvertently infect their computers with malware that Sophos identifies as Mal/Zbot-AV. Mal/Zbot-AV is a Fake AV downloader, which installs malware in several locations on the computer system. Internet security awareness is crucial to deal with consistent, well-designed and sophisticated threats from cybercriminals. Users may gain insights on safe online computing practices through online IT courses, by following security blogs, and through updates from software developers. Internet users must install, update and regularly scan their computer systems with anti-virus and anti-malware software. They must avoid clicking on suspicious links and downloading e-mail attachments received from suspicious sources. They must use genuine software, adhere to security advisories and update software programs to safeguard their computer systems.
The popularity of social media sites such as Facebook and Twitter makes them vulnerable to cyber threats. Attackers constantly target users of social media sites through fraudulent schemes. Attackers tempt users to click on links or download attachments containing malware. The malware may be designed to delete, modify or extract files from the compromised computers. In recent times, Facebook users have been targeted with various game, survey and event scams. Some of the scams seek access for rogue applications to a user's Facebook account. Once allowed access, the scams attempt to target people listed in the user's Friends list. Constantly evolving online threats make it essential for security professionals to remain alert and regularly update their technical know-how by attending webinars, conferences and undertaking online IT degree
Professionals qualified in IT degree programs and security certifications may help developers in proactively devising new security mechanisms. Social media sites must work with Internet security firms to identify and alert users against spam and malware-ridden e-mail attachments.
EC-Council University is based in Albuquerque, New Mexico and offers a Master of Security Science (MSS) degree to students from various backgrounds such as graduates, IT professionals, and military students, amongst several others. The MSS is offered as a 100% online degree program and allows EC-Council University to reach students from not only the United States, but from all around the world.
EC-Council is a member-based organization that certifies individuals in cybersecurity and e-commerce skills. It is the owner and developer of 16 security certifications, including Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (CHFI) and EC-Council Certified Security Analyst (ECSA)/Licensed Penetration Tester (LPT). Its certificate programs are offered in over 60 countries around the world.
EC-Council has trained over 80,000 individuals and certified more than 30,000 members, through more than 450 training partners globally. These certifications are recognized worldwide and have received endorsements from various government agencies including the U.S. federal government via the Montgomery GI Bill, Department of Defense via DoD 8570.01-M, National Security Agency (NSA) and the Committee on National Security Systems (CNSS). EC-Council also operates the global series of Hacker Halted security conferences.