Facebook users are sharing a viral application that allegedly will show the user who has visited their profile. Unfortunately this application does not show who has looked at your profile, but instead encourages you to let the application examine your profile. Here is what the message states and what you should be on alert for:
OMG OMG OMG… I cant believe this actually works! Now you really can see who viewed your profile! on [LINK]
The user is directed to a site with the following message asking for permission to access your profile:
But do you really want complete strangers to be able to email you, access your personal data and even post messages to any Facebook pages you may administer?
If you’ve got this far then you really shouldn’t go any further. Scams like this have been used to earn commission for the mischief makers behind them, who have no qualms about using your Facebook profile to spread their spammy links even further.
Because if you do continue, you’ll find that your profile will be yet another victim of the viral scam – spreading the message to all of your online Facebook friends and family. And no, you don’t ever find out who has been viewing your profile.
This goes back to the age-old advice. If you don’t know what it is or who it is from, don’t open it. But if you do get stung, here is how to remove it:
If you’ve been hit by a scam like this, remove references to it from your newsfeed, and revoke the right of rogue applications to access your profile via Account/ Privacy Settings/ Applications and Websites.
Source – Sophos
According to a blog entry at Sophos, if you are scheduled for a flight on Southwest Airlines on March 13th, you may have trouble logging in online. It seems that the virus known as Conficker is scheduled to call home to wnsux.com for further instructions. But the virus won’t receive any directions. Instead, the site, which is owned by Southwest Airlines, will redirect the traffic to Southwest Airlines. If this happens, then the site could suffer a denial of service attack.
The Sophos blog posting also states:
The key sites whose visitors may indeed see a disruption to their service include:
|Domain|Site|Date|
|---|---|---|
|jogli.com|Big Web Great Music|March 8|
|wnsux.com|Southwest Airlines|March 13|
|qhflh.com|Women’s Net in Qinghai Province|March 18|
|praat.org|Praat: doing phonetics by computer|March 31|
Other, less frequented, sites of interest that appeared in the list include “The Tennesse Dogue De Bordeaux” dog breeders site (tnddb.com, March 14) and the coy “Double Super Secret Message Board” site (dssmb.com, March 11) — dogs and secrets won’t be moving too well on those days. One last domain turned out to be infected with Troj/Unif-B (site not listed here for obvious reasons) — so I will go ahead and block that one all the same!
As for options, the simple solution, say for Southwest Airlines, could simply be to stop resolving wnsux.com to southwest.com for the day — so long as that wouldn’t hinder any of their operations. Another option would be to filter out the Conficker HTTP requests of the form http://<domain>/search?q=<N>, though this requires that (a) your site does not currently use a “search” page (with no file extension) and more importantly (b) the filtering decision is made at a point along the network path that can cope with the load. This is a bit trickier as HTTP is an application layer protocol — a network connection must already be established before the two endpoints start speaking HTTP — necessitating a highly provisioned web proxy be used on the front lines to (1) establish the connection (TCP 3-way handshake), (2) examine the HTTP request, and (3) drop Conficker requests and pass along any remaining (presumably legitimate) requests further downstream. In any case, I have contacted the owners of the domains listed above to draw their attention to this matter.
Time will tell whether making it on the Conficker list will be viewed with prestige or lowliness. Perhaps stories of surviving a Conficker call-home flood will carry a badge-of-honor in the network operations world. I do know one thing for certain though… I’m glad sophos.com did not make the list.
MikeW, SophosLabs, Canada
So hopefully Southwest Airlines won’t experience any problems.
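The filtering decision in steps (2) and (3) of the quoted Sophos text, sketched as an added example; it is not code from Sophos or from this post. It assumes that `<N>` is a decimal integer, that `q` is the only query parameter, and that requests arrive as Apache-style access log lines; the sample lines and addresses are constructed.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qsl

# Constructed sample access log lines (documentation address ranges).
SAMPLE_LOG = [
    '198.51.100.7 - - [13/Mar/2009:00:00:01 +0000] "GET /search?q=0 HTTP/1.0" 200 512',
    '198.51.100.7 - - [13/Mar/2009:00:00:04 +0000] "GET /search?q=17 HTTP/1.0" 200 512',
    '203.0.113.9 - - [13/Mar/2009:00:00:05 +0000] "GET /search?q=3 HTTP/1.1" 200 512',
    '192.0.2.44 - - [13/Mar/2009:00:00:06 +0000] "GET /index.html HTTP/1.1" 200 9120',
    '192.0.2.44 - - [13/Mar/2009:00:00:09 +0000] "GET /search?q=fares&from=DAL HTTP/1.1" 200 4410',
]

# Client address and quoted request line of a common/combined log entry.
LOG_ENTRY = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "([^"]*)"')
DECIMAL = re.compile(r"[0-9]+")  # assumption: <N> is a non-negative integer


def is_callhome(request_line: str) -> bool:
    """True only for 'GET /search?q=<N> HTTP/x.y' with no other parameters."""
    parts = request_line.split()
    if len(parts) != 3 or parts[0] != "GET" or not parts[2].startswith("HTTP/"):
        return False
    target = urlsplit(parts[1])  # handles origin-form and absolute-form targets
    if target.path != "/search":  # "search" page with no file extension
        return False
    params = parse_qsl(target.query, keep_blank_values=True)
    if len(params) != 1 or params[0][0] != "q":
        return False
    return DECIMAL.fullmatch(params[0][1]) is not None


def triage(log_lines):
    """Return (drop count per client address, lines to pass downstream)."""
    dropped, passed = Counter(), []
    for line in log_lines:
        entry = LOG_ENTRY.match(line)
        if entry and is_callhome(entry.group(2)):
            dropped[entry.group(1)] += 1
        else:
            passed.append(line)  # unparseable lines are passed, not dropped
    return dropped, passed


if __name__ == "__main__":
    dropped, passed = triage(SAMPLE_LOG)
    print("dropped per client:", dict(dropped))
    print("passed downstream:", len(passed))
```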
On February 6, 2007 an attack took place on the Internet which tried to take down the major backbone of the entire Internet. The attack against the root servers, which handle all Internet traffic, wasn’t carried out by stealthy-minded hackers but by people just like us: people who have left their systems unprotected, and whose systems are now being used as soldiers for the invading force.
Hard to believe? Well, it did happen. Sophos reported this very story yesterday, stating:
“These zombie computers could have brought the web to its knees, and while the resilience of the root servers should be commended, more needs to be done to tackle the root of the problem – the lax attitude of some users towards IT security,” said Graham Cluley, senior technology consultant at Sophos. “Society is almost totally reliant on the internet for day-to-day communication – it’s ironic that the people who depend on the web may have been the ones whose computers were secretly trying to bring it down.”
“Root servers, which manage the internet’s Domain Name System, help to convert website names such as amazon.com to their numeric IP address – essentially acting as an address book for the internet. UltraDNS, which manages traffic for websites ending with the suffix .org and .info, confirmed that it had witnessed an unusual increase in traffic. In all, three of the 13 servers at the top of the DNS hierarchy are said to have felt the impact of the attack, although none are thought to have stopped working entirely.”
This is a real eye opener since so much of what we do as a society is now tied directly to the Internet. I remember reading where just a single system was controlling some 1.5 million computers, until it was finally shut down.
Full story here.