Facebook Spam Spreads Through Multiple Features
In the past we’ve seen several kinds of Facebook spam runs, all separately using different Facebook features to spread. We’ve seen wall posts, events, and chat messages used to send out links leading to malicious scripts.
Recently however we saw one particular run that uses not only one of the mentioned features, but rather all of them.
The said spam run involves a URL which entices users by featuring an application which supposedly shows them how they will look like in 20 years. The said site tells users to follow certain steps to use the application, the first of which is to copy a certain snippet of code.
The next step is for the user to log into their Facebook account, and then paste the copied code into the browser address bar. Doing such will trigger the following:
- A Facebook wall post will be created, where all of the user’s friends who are online at the moment of execution are tagged. The said wall post contains a link to the original URL, and the message “yeah mine is very funny!! check yours out : ))”. The post will also be “liked” by the affected user, and will show a comment posted supposedly also by affected user, saying “oomg I look funny as hell haha”.
- The affected user’s friends receives messages through chat. The message will contain the same original URL.
- Lastly, an event with the title “See your face in 20 years” is created, along with the message “Hey yo guys , I found a cool site that tells you how you will look like in 20 years old” and of course, the URL to the instructions mentioned earlier.
Upon analyzing the script that triggered the above mentioned routines, we found that it is capable of spreading the link through another means, this time the Notes feature. It creates a note which leads to the URL, and then tags the affected user’s friends to entice them into clicking it.
We weren’t able to replicate the said technique, but we were able to see a similar run, this time using the familiar “stalking” pitch:
The link used for the said run used the Google URL shortening service, and is already disabled by Google. Furthermore, the script used in the “see yourself in 20 years” spam run is already detected through the Trend Micro™ Smart Protection Network™ as JS_MALAGENT.PB . For more information on the kinds of threats that spread through social networks such as Facebook and Twitter, you may check our report, Spam, Scams and Other Social Media Threats.
Post from: TrendLabs | Malware Blog – by Trend Micro
Facebook Spam Spreads Through Multiple Features
Spotlight
Cloud Computing
- US makes large investment in cyber weaponry
- Wall Street has data security concerns over Bloomberg reporting
- Security in backups means more than just encryption
- Employees must buy into the company policy for better cloud security
Virtualization
- Virtualization-specific challenges could threaten data security
- Evolving threats put security skills in high demand
- Virtualization security requires education, access control management
- Tips for launching effective virtual security tools
Internet Safety
- Virtualization-specific challenges could threaten data security
- Evolving threats put security skills in high demand
- Virtualization security requires education, access control management
- Tips for launching effective virtual security tools
Vulnerabilities & Exploits
CTO Insights
First Line of Defense
Newsletter
Stay up to date with the latest news and information on online threats.
Recent News
- Cloud security group develops third-party certification program
- US makes large investment in cyber weaponry
- SEC may ask for more information after cyberattacks
- FBI trying to train financial execs on cyber threats
Tag Cloud
cloud cloud computing cloud computing security Cloud Security Compliance & Regulations Consumerization Current News cybercrime Data Privacy data security Encryption Government Policy Internet Protection Internet Safety Internet Safety - DO NOT USE Internet Security Malware Mobile Security Mobility Policy Policy - DO NOT USE Privacy Privacy & Policy Private Cloud Public Cloud Reports Research Spotlight threat intelligence threat research Trend Labs Underground Economy virtualization Vulnerabilities Vulnerabilities - DO NOT USE web security web threats
Comments
No comments yet