Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

Web Attack: Facebook Fake Survey 3

Created: 11 Oct 2012 | 9 comments
julrendo's picture

Good

can indicate that I do when I get the next attack signature:
Web Attack: Facebook Fake Survey 3.

what actions I can take to mitigate this vulnerability

Thanks

Comments 9 CommentsJump to latest comment

.Brian's picture

What was the action taken on this IPS alert? You can check the log. If it was blocked than the IPS is doing its job and no further action needed. 

The log will also show the the remote host, hopefully an external IP. If so you can block it at your firewall.

If internal, you should find that host and run a full scan on it in safemode to be safe.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

Mithun Sanghavi's picture

Hello,

Web Attack: Facebook Fake Survey 3 exploits Microsoft Internet Explorer CVE-2012-1876 Col Element Remote Code Execution Vulnerability

http://www.securityfocus.com/bid/53848/info

I would recommend you to -

1) Make sure ALL Computers are installed with Symantec EP with latest / updated with virus defintions.

2) Install ALL Latest Microsoft Secuirty Patches / Sevice Packs on ALL machines.

3) Make sure ALL the client machines are using the Latest Vendor Patches installed.

Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

Fabiano.Pessoa's picture

Hi

This attack is an internal web (network)?

Fabiano Pessoa

Systems Analyst - Forensic Expert

Fabiano.Pessoa's picture

When attack is the external IP it varies greatly.
SEP blocks easily since NORTON also always alert and block this type of attack, actually protect him (the current IP) is basically out of context because as I said it varies greatly.
The best defense of truth beyond the SEP is you do not click on external links even from trusted sources.

Fabiano Pessoa

Systems Analyst - Forensic Expert

Fabiano.Pessoa's picture

Hi,

Long time I made this video and posted exactly for this type of attack.
In case this is internal, one external'll also, but it's basically the same thing.
In this case it is almost impossible to hold inside it, the best option is to avoid typing something we do not know and do not fall into social engineering.

hugs

See this Link https://www-secure.symantec.com/connect/ideas/own-browser

Fabiano Pessoa

Systems Analyst - Forensic Expert

ferdi64's picture

Norton blocked a Facebook Fake Offer from a webpage I know very well is safe. It a simple FAQ text with an action button to a registration page.  What do I do to allow me access to that FAQ URL?
Thanks 

.Brian's picture

If this is for Norton and not SEP, you should post on the Norton community for better visibility:

http://community.norton.com/

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

Mick2009's picture

If the IPS signture indicates that the malicious traffic was safely blocked and your computers are fully patched, then you should be OK.  Definitely do keep your defences up and stay aware.  Social networking is great, but as with most things there are scams and dangers.  Her is some good reading from Symantec and Facebook security teams:

Social Scams
https://www-secure.symantec.com/connect/blogs/social-scams

Here's a direct link to that white paper:

http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/scams_and_spam_to_avoid_on_facebook.pdf

With thanks and best regards,

Mick