A "worrying number" of Facebook users are sharing a link to a malware-laden fake CNN news page reporting the U.S. has attacked Iran and Saudi Arabia, security firm Sophos said Friday. If users who follow the link then click to play what purports to be video coverage of the attack, they are prompted to update their Adobe Flash player with a pop-up window that looks very much like the real thing.
Those who accept the prompt unwittingly install malware on their computers. Within three hours of the scam's appearance, more than 60,000 users had followed a link to the spoofed CNN page, according to Sophos Senior Security Advisor Chester Wisniewski. Facebook removed that link, but others are still being shared.
"The bad guys are rotating through scam pages trying to stay ahead of Facebook," Wisniewski said. In a statement, Facebook said it was "in the process of cleaning up this spam now, and re-mediating any affected users." Wisniewski said there are a number of ways that status updates could appear without users' knowledge. Their Facebook accounts could have been hacked, allowing a third party to update their status.
[We are] in the process of cleaning up this spam now, and re-mediating any affected users
In addition to exercising a healthy dose of skepticism that the U.S. would attack its ally Saudi Arabia, Facebook users can avoid the scam and others like it by updating Flash only from Adobe's own website rather than from pop-ups.