The spam reads “I am part of the 98.0% of people that are NEVER gonna drink Coca Cola again after this HORRIFIC video ? Find out the TRUTH about Coke!!!”

Clicking on the link takes users to an external site displaying an image mimicking an embedded video player. However, instructions on the page reveal that the video can only be played if the user agrees to spread the news about it on Facebook. Victims are thu s encouraged to propagate the rogue messages and end up with their personal information stolen.

This is allegedly done in three steps. The first requires the user to “Like” the page. Judging by the number displayed next to the Like button, over 19,000 people have fallen for this scam so far. The second requirement is to “Share” the link on Facebook, while the third step asks the user to copy and paste the spam message cited above for seven times on Facebook.

According to a report from BitDefender, malware which spreads by abusing the Windows AutoRun feature was the most prominent threat on the Internet during the first half of 2010. China and Russia topped the list of countries that host malicious programs.

AutoRun is a Windows feature long abused by malware authors to spread their malicious creations. In fact, the risks posed by this functionality outweigh the benefits so much that many sec urity experts and antivirus vendors recommend disabling it altogether.

There is also an increased prevalence of PDF exploits with the generic Exploit.PDF-JS.Gen signature being the third most triggered one this year. The malware distributed through these PDF attacks is obviously also common.

As far as malware origin is concerned, China was responsible for hosting 31% of it. Russia is also responsible for harboring many of the world malware distribution operations, with 22% of the world's malware being hosted in this country. Brazil came next with a rate of 8.10%, the researchers noting that banking trojans are particularly prevalent here. The United States, a prominent malware-hosting country in the past, only ranked fifth this year with 5,0% and after UK with 6,00%. Spain (4,16%), Germany (3.80%), Sweden (2.91%), France (2.30%) and Ukraine (3.46%) complete the top 10.

Ref: http://news.softpedia.com/news/AutoRun-Malware-Dominates-the-Threat-Landscape-in-2010-147715.shtml

Security researchers warn that various domains in the .gov space had their DNS hijacked and are hosting pages that redirect users to adult websites. The hijacking seems to be part of a scheme to push FLVDirect adware.

Apparently, FLVDirect affiliates are abusing several government domains, including, but not limited to yanceycountync.gov, uppersiouxcommunity-nsn.gov, woodfin-nc.gov, dumontnj.gov and emporia-kansas.gov to trick users into downloading and installing adware on their computers. The attackers have managed to create sub-domains on the affected domains.

Pages hosted on the rogue sub-domains are riddled with keywords and being used in a black hat search engine optimization (BHSEO) campaign to poison search results for queries related to adult content. Such techniques are commonly employed by cyber crooks to infect unsupecting users looking for information on current events with scareware.

Visiting any of the pages hosted on the rogue sub domains redirects users to either a FLVDirect affiliate site promising hundreds of hours of adult videos for free or an adult dating community. FLVDirect is well known piece of adware – an application designed to display unsolicited ads once installed on a computer.

Ref: http://news.softpedia.com/news/Government-Domains-Point-to-Adult-Content-147902.shtml

Security researchers have discovered a vulnerability which can be used to force Facebook users into liking arbitrary pages. The type of attack is known as clickjacking and does not require any form of user confirmation.

The Facebook “Like” button allows users to share content they find interesting on the Web. The feature is meant to allow users with similar interests to easily find and connect to each other on the social networking website. The button can be integrated by webmasters into any page on their website via a special IFrame.

Successful exploitation results in arbitrary content being added to the user's Facebook News Feed.

This type of attack, which is known as clickjacking or user interface (UI) redressing, can allow for the creation of so called social networking worms – malicious messages that spread virally. The existence of such a vulnerability is worrying because Facebook scams abusing the Like functionality have been particularly active lately.

Ref: http://news.softpedia.com/news/Facebook-Users-Can-Be-Forced-into-Liking-Arbitrary-Pages-147531.shtml

A clickjacking worm that forced hundreds of thousands of unsuspecting Facebook users to unknowingly post spam messages on their profiles, rapidly spread through the social networking website. The worm used catchy news headlines to lure its victims into the trap.

Clickjacking is a Web attack technique that involves hijacking the users mouse clicks on a page and using them to trigger unauthorized actions. The attack is technically known as user interface (UI) redressing because it hides a clickable object, such as a button, by making it transparent and superimposing it over a non-dangerous looking one.

The latest Facebook worm seems to be a proof of concept, becuase it does nothing destructive and its only purpose is to propagate. The offending messages posted on its victims' profiles are based on real and catchy news topics from the past several months. "LOL This girl gets OWNED after a POLICE OFFICER reads her STATUS MESSAGE", "This man takes a picture of himself EVERYDAY for 8 YEARS!!", "The Prom Dress That Got This Girl Suspended From School", or "This Girl Has An Interesting Way Of Eating A Banana, Check It Out!" are some of the examples.

Clicking on the messages takes users to external pages hosted at blogspot.com, which only display a text that reads "Click here to continue." However, clicking anywhere on the page abuses a user's active Facebook session to publishing a spam message back to his profile.

To protect themselves, Mozilla Firefox users can install and use NoScript, a browser extension, which includes protection against clickjacking attacks.

Ref: http://news.softpedia.com/news/Clickjacking-Worm-Hits-Facebook-143463.shtml