Facebook scam packs double whammy
Posted on 10.07.2013
A new phishing / malware delivery scam is doing rounds on Facebook, warns ThreatTrack's Chris Boyd.

The lure is a message saying "I'm serious guys If you people don't stop posting this of me I will be erasing my account. [LINK TO A TUMBLR ACCOUNT]"

Those unfortunate enough to believe that the account holder has posted the message will likely follow the offered link, and end up on a spammy Tumblr that will try to redirect them fake Facebook login page.

The bogus page is very realistic, and asks the victims to enter both their Facebook account credentials as well as the answer to a security question (click on the screenshot to enlarge it):



After this information is submitted, the victims are faced with another obstacle to finding out exactly what kind of content their friend finds objectionable: a pop-up telling them that they need to download an update "Youtube Player".

Of course, the offered executable (Flashplayerv10.1.57.108.exe) is not an update, but a malicious file that uses Windows Script Host to run a .VBS file that forces the victims to reboot their computers.

Under the surface, the malware does even more than that: it checks whether the computer runs Java and if not, it tries to install it. It they contacts a remote server and tries to download several more .JAR files, among which is a (Bitcoin?) miner and a proxy.









Spotlight

Over 225,000 Apple accounts compromised via iOS malware

Researchers from Palo Alto Networks and WeipTech have unearthed a scheme that resulted in the largest known Apple account theft caused by malware. All in all, some 225,000 valid Apple accounts have been compromised.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  
DON'T
MISS

Tue, Sep 1st
    COPYRIGHT 1998-2015 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //