Monday, December 12, 2011

Kaspersky warns me about a Facebook Trojan when I visit a NYTime debate page in XP; one "fake survey" pops up

Today, when accessing a New York Times opinion page debating blogger journalism, from Google Chrome, my Windows 7 computer  (Dell XPS) hiccoughed for a few seconds and froze, then released the page.  This sometimes happens once in a day after a restart. It seems as though the system needs to start one more service to run a script.  

I wrote a post and linked to it OK on my “BillBoushka” blog today, and Firefox under Webroot/Sophos accepted the linked NYTimes page OK, no warnings.  (Usually it's Webroot that catches these first; today it was Kaspersky instead, even though Webroot did a full update this morning.)

But on another XP machine with Kaspersky under Google Chrome, I got a warning about a possible spyware script, which is unusual.  The Kaspersky report showed something like “facebook/com/dialogue/oauth with an application number of 9869919170.  I double checked and this has no connection at all to my own Facebook account, and in fact I wasn’t logged on to Facebook in any browser through which I accessed this page. 

I tried the XP Kaspersky experiment several times. Just once, a pop-up appeared for a “On Question Site Survey” at the bottom.  I forget what it was trying to survey or sell (short term memory?)   I simply closed the survey and everything was normal.  I suspect that the survey would have asked for personal information or cell phone numbers for spam. 

I don’t know if this is a legitimate hack or not – it’s on a New York Times page if it is.  I don’t know how it got in, and so far only Kaspersky finds it.  

There have been problems with fake surveys being embedded in Facebook apps for phishing purposes; maybe some of them are being picked up by major news sites and not being caught by security. 
I consistently find that different vendors find different threats that other miss.   That doesn’t bode well for PC home security for the average user depending on one vendor. 

No comments: