Facebook Users Get Invited to a Spam Event
For sometime now we’ve been reporting threats targeting Facebook users, most of which result in users unknowingly spreading spammy links to their networks. We’ve seen different social engineering techniques used such as stalker tracker tools, news involving celebrities, and even footages of the recent Japan tragedy.
The said threats usually involve links accompanied by inviting text posted in affected users’ walls. Other users who get tricked into clicking the said links unknowingly execute a script, which lead to posting the very same spammy content.
Recently, however, we saw a different version of this scheme, which leverages a commonly used feature in Facebook—Events.
Instead of posting the spam links in users’ walls where it can easily get lost in the news feed, cybercriminals now use the Events feature to really grab their targets’ attention.
In this scheme, spammers create an event that will be enticing to many users. For example, we saw one event in a post that said ”How to Find Out Who’s Viewing Your Profile.“
 |
In the post’s More Info field, the spammer puts instructions that invited users must follow to be able to “view” or to “enjoy the service” the post promises—in this case, the ability to find out who viewed their profiles. You can see that most of the instructions contain ways to promote the event with the last step being to click a certain shortened link.
Needless to say, users tricked into following the given instructions end up promoting the spam event and making money for the spammer. Visiting the page the shortened link points to also executes a script that publishes the same link on the affected users’ walls.
 |
This scheme seems to work fairly well for spammers, as we’ve seen spam events to which tens of thousands of users registered as attendees. We also observed that similar spam event posts are frequently updated by their posters, usually only modifying the provided links to avoid blockage.
As such, users are warned to ignore invitations of a similar nature. We are continuously monitoring for similar spam and blocking related URLs with the help of our Web Reputation Technology.
Post from: TrendLabs | Malware Blog – by Trend Micro
Facebook Users Get Invited to a Spam Event
Spotlight
Cloud Computing
- US makes large investment in cyber weaponry
- Wall Street has data security concerns over Bloomberg reporting
- Security in backups means more than just encryption
- Employees must buy into the company policy for better cloud security
Virtualization
- Virtualization-specific challenges could threaten data security
- Evolving threats put security skills in high demand
- Virtualization security requires education, access control management
- Tips for launching effective virtual security tools
Internet Safety
- Virtualization-specific challenges could threaten data security
- Evolving threats put security skills in high demand
- Virtualization security requires education, access control management
- Tips for launching effective virtual security tools
Vulnerabilities & Exploits
CTO Insights
First Line of Defense
Newsletter
Stay up to date with the latest news and information on online threats.
Recent News
- Cloud security group develops third-party certification program
- US makes large investment in cyber weaponry
- SEC may ask for more information after cyberattacks
- FBI trying to train financial execs on cyber threats
Tag Cloud
cloud cloud computing cloud computing security Cloud Security Compliance & Regulations Consumerization Current News cybercrime Data Privacy data security Encryption Government Policy Internet Protection Internet Safety Internet Safety - DO NOT USE Internet Security Malware Mobile Security Mobility Policy Policy - DO NOT USE Privacy Privacy & Policy Private Cloud Public Cloud Reports Research Spotlight threat intelligence threat research Trend Labs Underground Economy virtualization Vulnerabilities Vulnerabilities - DO NOT USE web security web threats
Comments
No comments yet