The recent Facebook password virus is joined by a copyright lawsuit virus that work on a similar principle.
In the Facebook password email virus, you receive an email telling you that your Facebook password has been changed. If you follow the link in the email, you are taken not to Facebook, but to a website loaded with malware that will try to infect your computer. Another form of the virus may simply try to steal your Facebook ID and password by getting your to use them on a fake website. Then send itself to all your Facebook contacts.
In the “A Copyright lawsuit has been filed against you.” email virus you get an email that you are being sued.
There is a link to a site (actually adirect link to a Word doc file). Going to the site gets the same result as above. The copyright virus is known to be targeting CEO’s and executives of companies. Trying to open the .doc file makes the malware infection more likely.
Both these pieces of malware rely on social engineering to get around anti-virus.
In most cases, an anti-virus or firewall might stop any file that would be in an email with a virus (the copyright malware may not be detected yet by much anti-virus software making it very dangerous). Instead of the email containing the malware, the website link is where the danger resides. This may prevent the firewall or anti-virus from catching it.
How can you combat this form a malware?
Never follow an email link to a site where you have an account.
Use a bookmark you have on your computer. It is very easy to fake the source of an email. Don’t trust links in email.
Make sure all the software on your computer is up to date.
In many cases, the malware may need a known exploit to infect your computer. Updaes patch those exploits. Keeping your computer updated may keep a lot of that malware from working.
Use your head.
Social engineered malware needs a person to act in order to work. Sometimes you can catch some obvious clues. Maybe the Facebook email virus is coming to an email account you don’t use for email (I have a ton of these to an email that has never had anything to do with Facebook-kinda obvious). The copyright lawsuit email is known for some badly spelled words. Unfortunately, these things are getting harder to spot and more ingenious all the time.
Use an effective anti-virus.
Consider it your last line of defense though. Some of the new malware is very difficult to detect and different anti-virus programs have varied results at stopping them. Make sure to do a full scan with your anti-virus regularly. Do not fall for the fake anti-virus scams out there. There are some fake anti-virus scams that even have a live person to answer the phone if you call. If you are getting a pop-up ad for an anti-virus program, it is a virus! You are probably already infected with it.
Read this site regularly.
I’ll be trying to keep you informed of malware that is out there. Make sure that you are getting my free updates in your email so you don’t miss that one important update the could have saved you.