link to a malware-laden fake CNN news page reporting the U.S. has
attacked Iran and Saudi Arabia, security firm Sophos said Friday.
users who follow the link then click to play what purports to be video coverage
of the attack, they are prompted to update their Adobe Flash player with a
pop-up window that looks very much like the real thing. Those who accept
the prompt unwittingly install malware on their computers.
hours of the scam's appearance, more than 60,000 users had followed a link
to the spoofed CNN page, according to Sophos Senior Security Advisor Chester
Wisniewski. Facebook removed that link, but others are still being
"The bad guys are rotating through scam pages trying to stay
ahead of Facebook," Wisniewski said.
In a statement, Facebook said
it was "in the process of cleaning up this spam now, and remediating any