Aol.|Mail|Click here to return to

Don't Do It!

Malicious software pretends to be your friend, hijacks your Facebook account

Next time your friend appears to send you a strange video link, think twice about clicking on it -- it could infect your computer. According to the New York Times, Facebook is being used to spread malicious software that acts like a message or email to gain access to your account and browser information.

The software masquerading as an email or Facebook message notifies users that they have been tagged in a post and includes a link in the message. The link then directs you to a website where it asks to install a browser extension in order to play a video.

If the browser extension is installed, it can gain access to any sensitive information stored in your browser including passwords and log-in information. And once the extension is installed, it is tough to remove because it blocks user access to browser settings.

According to researchers who discovered this Facebook malware, it is affecting as many as 40,000 users per hour and has infected 800,000 people so far. The malware was originally designed to specifically target users of Google Chrome, but has since spread to Mozilla Firefox as well.

Attacks though social network messages are fairly common and once someone has been infected, they often become a carrier of the malware for their friends. Receiving a message from a friend through a social network doesn't raise as many flags as messages from unknown users and while the message might seem strange, people tend to be more apt to click the link.

These kinds of attacks also take advantage of a user's apathy towards computer permissions, since unsuspecting people will often click "accept" to a prompt without thinking about it. Facebook is aware of the malware and is blocking and clearing the links wherever they are found. Google has already disabled the extension in their Chrome browser.

While this particular malware is being addressed, the tactic is common enough that it will most likely come up again. Luckily, these kinds of malicious software require a level of participation in order to be effective. To protect yourself from being fooled, make sure to never allow an extension to be installed that you didn't specifically want, and always be suspicious of strange messages, even if they are from people you normally trust.

Photo: Bengsoon Chuah