Fake News Headline "U.S. Attacks Iran and Saudia Arabia" Leads to Malware on Facebook

If you see a post on Facebook claiming that the United States has attacked Iran and Saudi Arabia, don’t click on it.

U.S. Attacks Iran and Saudia Arabia. F#ck :-( [http://randomdomain.co.uk/cnn/] The Begin of World War 3?

Cybercriminals are hoping that users won’t be able to resist the headline, follow the link to a spoofed CNN site – all of which appear to be on UK domains – and fall for the old “you need to download a Flash update” routine.

Of course, it’s never a good idea to download any kind of software update from an unknown party.

Instead of downloading a Flash update, you will get malware that researchers over at Sophos security have identified as Troj/Rootkit-KK, which drops a rootkit called Troj/Rootkit-JV onto your PC.

While Sophos doesn’t have a solid idea on just how the malicious messages are being spread, they suspect that malware residing on user machines is the culprit.

In addition to users taking the precautionary route of doing a full system scan using whatever antivirus software they use, I suggest checking for rogue browser plug-ins that may have inadvertently been installed at some point and reviewing the list of applications that have access to your Facebook profile.

You can check to see what apps have access to your Facebook profile by clicking the little arrow icon, selecting ‘Account Settings’ and then clicking ‘App’ in the left-hand navigation.

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+.