Malware doesn’t always need to attack your computer through browser or OS based exploits. Sometimes, it’s the social networks themselves that can be the problem. An ongoing spam campaign is using booby-trapped image files to download and infect users with the Locky ransomware, Israeli security firm Check Point reports.
This works by taking advantage of flaws in the way Facebook and LinkedIn (among others) handle images. The security firm says that malware authors have identified vulnerabilities in the social networks that forcibly download a maliciously coded image file to the user’s computer, although in some cases the user had to click on the image to trigger the download.
When users notice the automatic download and open the malformed image, malicious code installs the Locky ransomware on their computers. While the actual Locky payload is relatively pedestrian and easy to avoid if you’re aware of it (just don’t open the file), it’s the delivery mechanism that has analysts worried.
Social media platforms are generally considered a safer place on the internet, even by security experts, and many people aren’t used to worrying about their downloads on sites like Facebook.
Check Point has declined to provide any technical details at the time of writing because neither Facebook nor LinkedIn has fixed the vulnerability exploited by the attackers. The company says it reported the issue back in September. Users are warned against opening what look to be image files with unusual extensions, such as SVG, JS or HTA.
This makes us believe the spammers are using double extensions to hide the true nature of the file. By default, Windows hides the extensions of known file types. So when you see a file like image.jpg, it may actually be hiding a second extension, such as image.jpg.hta or image.jpg.js.
The file types Check Point mentioned, SVG, JS and HTA, can all carry script that downloads content from a remote server and runs it. To be on the safe side, you can configure Windows to show file extensions. For the time being, it is wise to avoid opening any unsolicited file you receive via private messages on Facebook or LinkedIn, or files that mysteriously download to your PC.
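The double-extension trick described above is easy to model. The following Python script is an added example, not code from the article or from Check Point: it shows what Windows Explorer would display for a given filename when the default "hide extensions for known file types" setting is on, and flags files whose image-looking name ends in one of the scriptable extensions the article names (SVG, JS, HTA). The filenames in `SAMPLE_DOWNLOADS` are constructed for illustration and are not real indicators from the campaign.

```python
"""
Detect Windows-style double-extension lures such as image.jpg.hta.

Added example (not from the article or from Check Point). It models how
Windows Explorer strips only the final, known extension from a name, so
"image.jpg.hta" is shown as "image.jpg", and it flags files where a decoy
image extension is followed by a scriptable one. All sample names below
are constructed.
"""
import os
from dataclasses import dataclass

# Extensions the article names as able to fetch and run remote content.
ACTIVE_EXTENSIONS = {".svg", ".js", ".hta"}
# Extensions an attacker uses as a decoy so the name looks like a picture.
IMAGE_EXTENSIONS = {".jpg", ".jpeg", ".png", ".gif", ".bmp"}


@dataclass
class Verdict:
    filename: str
    shown_as: str        # what Explorer shows with extension hiding on
    real_extension: str  # the extension Windows actually opens the file with
    suspicious: bool
    reason: str


def displayed_name(filename: str, hide_extensions: bool = True) -> str:
    """Name as Windows Explorer would show it. With extension hiding on,
    only the last extension is removed, so a decoy inner extension such
    as '.jpg' in 'image.jpg.hta' stays visible and looks like the real one."""
    if not hide_extensions:
        return filename
    stem, ext = os.path.splitext(filename)
    return stem if ext else filename


def classify(filename: str) -> Verdict:
    """Flag files that open as script although their name suggests an image."""
    stem, ext = os.path.splitext(filename)
    real_ext = ext.lower()
    inner_ext = os.path.splitext(stem)[1].lower()
    shown = displayed_name(filename)
    if real_ext in ACTIVE_EXTENSIONS and inner_ext in IMAGE_EXTENSIONS:
        return Verdict(filename, shown, real_ext, True,
                       f"image-looking name {shown!r} actually opens as {real_ext}")
    if real_ext in ACTIVE_EXTENSIONS:
        return Verdict(filename, shown, real_ext, True,
                       f"scriptable file type {real_ext} received where an image was expected")
    return Verdict(filename, shown, real_ext, False, "extension matches the claimed file type")


def scan(filenames):
    """Classify every name in a directory listing."""
    return [classify(f) for f in filenames]


# Constructed sample "downloads" folder listing (not real indicators).
SAMPLE_DOWNLOADS = [
    "holiday.jpg",
    "image.jpg.hta",
    "photo.png.js",
    "avatar.svg",
    "report.pdf",
]

if __name__ == "__main__":
    for v in scan(SAMPLE_DOWNLOADS):
        flag = "SUSPICIOUS" if v.suspicious else "ok"
        print(f"{v.filename:16} shown as {v.shown_as:12} -> {flag}: {v.reason}")
```

Running the script lists `image.jpg.hta` and `photo.png.js` as suspicious while showing that Explorer would present them as `image.jpg` and `photo.png`. On Windows the display behaviour modelled by `displayed_name` is the "Hide extensions for known file types" option in File Explorer's folder options; turning it off makes the real extension visible and removes the disguise entirely.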
Whether or not you’re in the clear, this is a reminder that you can’t take the safety of social sites for granted — it’s a good idea to be wary of any downloads you weren’t expecting.
Via: Ars Technica