Facebook scam packs double whammy
Posted on 10.07.2013
A new phishing / malware delivery scam is doing rounds on Facebook, warns ThreatTrack's Chris Boyd.

The lure is a message saying "I'm serious guys If you people don't stop posting this of me I will be erasing my account. [LINK TO A TUMBLR ACCOUNT]"

Those unfortunate enough to believe that the account holder has posted the message will likely follow the offered link, and end up on a spammy Tumblr that will try to redirect them fake Facebook login page.

The bogus page is very realistic, and asks the victims to enter both their Facebook account credentials as well as the answer to a security question (click on the screenshot to enlarge it):



After this information is submitted, the victims are faced with another obstacle to finding out exactly what kind of content their friend finds objectionable: a pop-up telling them that they need to download an update "Youtube Player".

Of course, the offered executable (Flashplayerv10.1.57.108.exe) is not an update, but a malicious file that uses Windows Script Host to run a .VBS file that forces the victims to reboot their computers.

Under the surface, the malware does even more than that: it checks whether the computer runs Java and if not, it tries to install it. It they contacts a remote server and tries to download several more .JAR files, among which is a (Bitcoin?) miner and a proxy.









Spotlight

Whitepaper: Zero Trust approach to network security

Posted on 20 November 2014.  |  Zero Trust is an alternative security model that addresses the shortcomings of failing perimeter-centric strategies by removing the assumption of trust.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Mon, Nov 24th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //