Video Screencast Help
Search Video Help Close Back
to help

Error

Created: 16 Feb 2013 | Updated: 23 Feb 2013 | 6 comments
Kirankumar's picture
Kirankumar
0 0 Votes
Login to vote
This issue has been solved. See solution.

Hello,

 

Means this Error "[SID 25821] web attack facebook fake survey 3 detected"

Discussion Filed Under:
, , ,

Comments 6 CommentsJump to latest comment

Ashish-Sharma's picture
Ashish-Sharma Partner
Error - Comment:16 Feb 2013 : Link

HI,

Check this artical

Web Attack: Facebook Fake Survey 3

http://www.symantec.com/security_response/attacksignatures/detail.jsp?asid=25821

Check this blog

Social Scams
https://www-secure.symantec.com/connect/blogs/social-scams

Here's a direct link to that white paper:

http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/scams_and_spam_to_

 

Check this thread

http://www.symantec.com/connect/forums/web-attack-facebook-fake-survey-3

 

Thanks In Advance

Ashish Sharma

SEPM Knowledgebase Documents  

 

+1
Login to vote
  • Actions
Kirankumar's picture
Kirankumar
Error - Comment:16 Feb 2013 : Link

I will check attach URL and update you.

0
Login to vote
  • Actions
Brian81's picture
Brian81 Trusted Advisor
Error - Comment:16 Feb 2013 : Link

It means your IPS has blocked an attack attempt. It should be doing its job. If you open your security log, more info will be there

SEP Knowledge Base

Endpoint SWAT

0
Login to vote
  • Actions
Mithun Sanghavi's picture
Mithun Sanghavi Symantec Employee Technical Support Accredited
Error - Comment:18 Feb 2013 : Link

Hello,

Web Attack: Facebook Fake Survey 3 exploits Microsoft Internet Explorer CVE-2012-1876 Col Element Remote Code Execution Vulnerability

http://www.securityfocus.com/bid/53848/info

I would recommend you to -

1) Make sure ALL Computers are installed with Symantec EP with latest / updated with virus defintions.

2) Install ALL Latest Microsoft Secuirty Patches / Sevice Packs on ALL machines.

3) Make sure ALL the client machines are using the Latest Vendor Patches installed.

If the IPS signture indicates that the malicious traffic was safely blocked and your computers are fully patched, then you should be OK.  Definitely do keep your defences up and stay aware.  Social networking is great, but as with most things there are scams and dangers.  Her is some good reading from Symantec and Facebook security teams:

Social Scams

https://www-secure.symantec.com/connect/blogs/social-scams

Phishers' Fake Security App for Facebook

https://www-secure.symantec.com/connect/blogs/phishers-fake-security-app-facebook

Here's a direct link to that whitepaper:

http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/scams_and_spam_to_av

Hope that helps!!

Mithun Sanghavi
Symantec Technical Support Engineer, SEP
MIM | MCSA | MCTS | STS | ITIL v3

Twitter: @mithun_sanghavi

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.<&a

SOLUTION
+1
Login to vote
  • Actions
SameerU's picture
SameerU Partner Accredited
Error - Comment:21 Feb 2013 : Link

Hi

Please confirm that systems are patched with required microsoft patches and latest definitions update.

Regards

 

0
Login to vote
  • Actions
Ajit Jha's picture
Ajit Jha Partner
Error - Comment:21 Feb 2013 : Link

Hi Kiran,

Go through the Link below and you will understand what it is and why it is important to be blocked.

http://www.symantec.com/business/support/index?pag...

Regard's

Ajit Jha

Technical Consultant

ASC & STS

0
Login to vote
  • Actions