You’ve probably seen this status-jacking app in action, but if you’re tempted to use it, be aware that “My 1st St@tus” not only will not reveal your first ever Facebook post, but it will also expose you as a n00b to your friends through unauthorized posts to your Facebook wall.

According to Sophos, the information purported by the app to be your first status is incorrect, and the app goes on to lure you into scammy and possibly malware laden survey sites while also taking liberties with the wall posting thing. The security clearinghouse elaborates:

…it’s a complete confidence trick. It doesn’t tell you your first status message on Facebook – and it’s only intention is to drive as many people as possible into sharing the link (which can vary – we have seen several examples) further and further across Facebook, earning the scammers money.

These types of scams have surfaced before and will continue to pop up on Facebook as quickly as they’re removed. It’s best to approach apps like this with a grain of salt because as one user reports:

I’ve just been pinged by a very similar looking scam application that claimed to be from facebook… Exactly the same MO…to prove I was human I had to complete a survey! I deleted it immediately but not before it bombarded my whole friends list with with a very tempting link to dupe them as well! GGrrr!!!!

As with the “shocking video” facebook status update hijacker trend, you should also expect to see a number of similar apps pop up until the scammers move on to a new, hard to resist imaginary functionality to lure the unaware.

‘Rogue app’ won’t show you your first Facebook status, will spam your friends is a post from: The Inquisitr

Twitter was plagued for a bit this morning by a mouseover security flaw that compromised user accounts even if those affected didn’t click the offending link.

Sophos explains how the security flaw compromised “thousands” of accounts, including some high profile ones, redirecting unsuspecting users to “hardcore Japanese porn sites” before it was patched:

The Twitter website is being widely exploited by users who have stumbled across a flaw which allows messages to pop-up and third-party websites to open in your browser just by moving your mouse over a link. In a worrying development, messages are also spreading virally exploiting the vulnerability without the consent of users.

The Register says that Twitter’s team tackled the exploit in within two hours of its appearance. The head of Twitter’s “Trust and Safety” team posted an update confirming the security flaw had been resolved:

The XSS attack should now be fully patched and no longer exploitable. Thanks, those reporting it.

Users employing third-party clients for Twitter such as Tweet Deck were not affected by the exploit.

[Image]

Twitter says porn mouseover exploit is ‘fully patched’ is a post from: The Inquisitr

If there’s one thing we can learn from Facebook and social networking in general, it’s that if people are enticed with illicit material and anything labeled “shocking,” their anti-malware sensors malfunction.

I’ve been seeing a disappointing number of folks in my Facebook feed “adding” these “sexiest ever” or “most shocking naughty students/shark attack/angry pensioner caught on tape” groups after being lured by the promise of viewing clips that show the promised sex, violence or wipeouts. This particular round is titled in a not very legitimate sounding way to begin with- “OMG The Most Shocking Video Caught On Camera Girl Being Attacked By A Shark.”

Sophos examines the latest Facebook clickjacking attempt that has, by its duplicitous nature, gone viral:

(After opening the page, when) you agree to click on the coloured buttons (and I have to wonder why you would) then you are actually being clickjacked – secretly liking and sharing the link with all of your Facebook friends. You’re in good company at least – thousands of other Facebook users have done the same…

As with previous, similar attacks, the group then mercilessly spams your friends, possibly drawing them in and making you look like a complete noob in the process. On their blog, Sophos chides:

And now you’re a fan of that page they’re free to send your updates and messages, and potentially spam you or send you malicious links. What’s worse – you’ve endorsed the page and shared it with your online mates… All because you wanted to watch a shocking video of a girl being attacked by a shark.

When presented with the dangling “shocking” footage, please bear in mind that this is the internet. If a clip was that horribly awesome, it would be freely available- not behind a series of walls on Facebook. Besides, if you’re really feeling that bloodthirsty, it’s still Shark Week for a couple more days.

[via 1000 Books, 1000 Miles]

If a Facebook link says “shocking video,” just please don’t click it is a post from: The Inquisitr

Sophos says Google’s free blog hosting service has more malware than any other single site on the Web, with 2 percent of all the world’s dangerous code — both in hacker-created blogs and in innocent blogs infested with malicious comments. Google says hosting any malicious code is, of course, a violation and something its staff actively works to avoid.

Another curious discovery: Messages claiming to contain naked photos of Angelina Jolie or Nicole Kidman are the most common forms of e-mail-based malware, Sophos found.

Overall, Sophos says there are now 11 million different pieces of malware floating around, with 20,000 new samples coming in daily. Engineers say they’re finding three times the amount of problematic content as they did last year.

Study: Blogspot, Naked Female Celebs Pose Worst Malware Risks is a post from: The Inquisitr