Fortinet recently released its latest "Threat Landscape" report for April, and of particular note are two new malware variants targeting Facebook. Apparently, the variants spoof official-looking mail from Facebook and warn users that their Facebook password has been reset and that a malicious attachment contains the new password. Opening the attachment can lead to immediate infection.
Said Derek Manky, senior security strategist at Fortinet:
The Facebook malware variants we examined are botnet loaders, which, upon execution, connect to a command and control server to download and display a document that reveals a bogus password in an effort to look legitimate. Afterwards, the botnet continues to run in the background and requests files to download and execute, one by one. Always beware of file attachments, never disclose information generated by an unsolicited request, and attempt to confirm identities of those who contact you.
Facebook has already taken steps to combat the malware. According to CNET, Facebook has launched several new security features that aim to protect users from malware and from having their accounts hijacked.
The CNET article explains:
First, the site will display warnings when users are about to be duped by clickjacking and cross-site scripting attacks in which they think they are following a link to an interesting news story or taking action to see a video and instead end up spamming their friends.
Facebook also is offering two-factor authentication called "Login Approvals," which if turned on will require users to enter a code whenever they log into the site from a new or unrecognized device. The code is sent via text message to the user's mobile phone.
Finally, Facebook is partnering with the free Web of Trust safe surfing service to give Facebook users more information about the sites they are linking to from the social network. When a user clicks on a potentially malicious link, a warning box will appear that gives more information about why the site might be dangerous. The user can either ignore the warning or go back to the previous page.
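The "Login Approvals" step-up check described in the CNET excerpt, sketched as an added Python example (this is not Facebook's code and not from the original post): a device already approved for the account logs in directly, while an unrecognized device must present a one-time code delivered out of band. The send_sms callback, the CODE_TTL value, the single-attempt rule and the in-memory stores are assumptions for illustration.

```python
import hashlib
import hmac
import secrets
import time


class LoginApprovals:
    """Step-up authentication for logins from unrecognized devices.

    A correct password from an approved device succeeds immediately. From any
    other device the login is held until the user supplies a one-time code that
    was sent out of band (here: a send_sms callback standing in for a gateway).
    """

    CODE_TTL = 300  # seconds a pending code stays valid (assumed value)

    def __init__(self, send_sms):
        self.send_sms = send_sms
        self.approved = {}  # user -> set of approved device fingerprints
        self.pending = {}   # (user, device) -> (sha256 of code, expiry time)

    def login(self, user, password_ok, device, now=None):
        now = time.time() if now is None else now
        if not password_ok:
            return "denied"
        if device in self.approved.get(user, set()):
            return "ok"
        # Unrecognized device: issue a fresh 6-digit code, store only its hash.
        code = f"{secrets.randbelow(10**6):06d}"
        digest = hashlib.sha256(code.encode()).hexdigest()
        self.pending[(user, device)] = (digest, now + self.CODE_TTL)
        self.send_sms(user, code)
        return "code_required"

    def approve(self, user, device, code, now=None):
        now = time.time() if now is None else now
        # pop() consumes the challenge: one guess per code, wrong or expired
        # attempts force a new login (and a new code) rather than retries.
        entry = self.pending.pop((user, device), None)
        if entry is None:
            return False
        digest, expires_at = entry
        if now > expires_at:
            return False
        supplied = hashlib.sha256(code.encode()).hexdigest()
        if not hmac.compare_digest(digest, supplied):
            return False
        self.approved.setdefault(user, set()).add(device)
        return True
```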
It's nice to see bad Facebook news balanced with good Facebook news for a change.