Saturday, May 21, 2011

"Nicole Santos" invades Facebook


“Nicole Santos” recently became a trending topic on Twitter.
But “Nicole Santos” is not a person. It is malicious Trojan software that made its presence known on Facebook on May 12. Facebook users receive numerous profane and accusatory messages from one “Nicole Santos.”
A shirt was made in her honor by an enterprising person from the buy-and-sell site Etsy. A comedian named Ethan Newberry made a music video parody about her.
The inflammatory messages also contain the statement “Vote for Nicole Santos,” which was used by the Etsy T-shirt maker. Later messages contain a link that claims to be a solution that will stop the flow of more vulgar messages.
However, the link is actually a script that accesses the users’ Facebook accounts and also taps into the victims’ networks to spread itself.
One variation of the “Nicole Santos” Facebook spam had legitimate-looking links asking users to “VERIFY THE ACCOUNT” that actually led users to spread the malware even more. As a result, those within the victims’ Facebook networks also get flooded with spam.
Facebook officials have so far stalled the spread after numerous complaints from victims of their service.


"This spam was spread by a vulnerability in our code and we worked quickly to resolve this matter. The bug caused a small number of spam comments to be posted to users' walls, and we are in the process of cleaning up any spam it may have caused."

The (Facebook) spokesperson also confirmed that the bug was in their handling of certain story types that "improperly allowed a specific-category of URLs (javascript: URLs)", before it pushed out a fix that restricted links of this kind.
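
The fix described above restricted links by URL scheme. As an added illustration (not Facebook's code; the function names and the sample story are hypothetical and constructed), a scheme allowlist for user-supplied links could look like this in JavaScript:

```javascript
// Added example: allow only http(s) links in user-supplied story content.
const ALLOWED_SCHEMES = new Set(["http:", "https:"]);

// Returns the normalized URL string if the link is safe to render, else null.
function safeLink(href) {
  if (typeof href !== "string") return null;
  let url;
  try {
    // The WHATWG URL parser normalizes input the way browsers do: it trims
    // leading control characters and spaces, drops embedded tabs and
    // newlines, and lowercases the scheme. Checking the parsed scheme
    // therefore catches variants that a naive string prefix test would miss.
    url = new URL(href);
  } catch {
    return null; // not an absolute URL: reject rather than guess
  }
  return ALLOWED_SCHEMES.has(url.protocol) ? url.href : null;
}

// Constructed sample of a wall story carrying links of mixed quality.
const sampleStory = {
  text: "VERIFY THE ACCOUNT",
  links: [
    "https://example.com/help",
    "javascript:void(0)",
    "  JaVaScRiPt:void(0)",
    "java\tscript:void(0)",
    "data:text/html,hello",
  ],
};

// Splits a story's links into those kept for rendering and those rejected,
// so rejected values can be logged or reviewed instead of silently dropped.
function sanitizeStory(story) {
  const kept = [];
  const rejected = [];
  for (const href of story.links) {
    const clean = safeLink(href);
    if (clean === null) rejected.push(href);
    else kept.push(clean);
  }
  return { ...story, links: kept, rejected };
}

console.log(sanitizeStory(sampleStory));
```

An allowlist of schemes is used here rather than a blocklist of `javascript:` alone, so other non-navigational schemes such as `data:` are rejected as well.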

“Nicole Santos” is a variation of a remove-this-app worm that was previously spread through Facebook. There are several types of this worm, such as Palevo.AP and Netsky.AP.
Attacks on Facebook users have been increasing lately as cybercriminals see more effective use of social engineering in the service. People tend to trust people more within their networks, which is what cybercriminals are hoping to target.
There are at least 500 million active Facebook users today, 70 percent of whom are outside the United States. The Philippines has at least 23 million Facebook users, and the number continues to grow.
Software security firm Sophos has some tips that should remind people to protect their social network services from such attacks. These include adjusting Facebook privacy settings to protect identity and content, carefully thinking about who would be allowed to be part of one’s network, and showing "limited friends" cut-down versions of one’s personal profile.
Other tips include avoiding clicking on suspicious links and reporting them to Facebook’s helpdesk, thinking first about what to put on one’s Facebook Wall, and keeping PC security software up-to-date.
Source: Yahoo! Philippines