Funny Facebook video scam leaves unamusing Trojan
Posted on 21.07.2014
A new funny video spreading on Facebook leaves a not-so-hilarious Trojan in its wake on users’ computers, according to research by Bitdefender. The malware, believed to originate from Albania, can access a large amount of data from the user’s internet browser.


The scam begins with what appears to be a funny video of a Facebook friend. Once the video is clicked on, users are directed to a fake YouTube page, which then redirects them to a malicious Flash Player.exe presented as an Adobe update.

“Scammers have created over 20,000 unique URLs that redirect victims to malicious websites and a fake alluring YouTube video, showing a woman taking her clothes off on a webcam,” states Catalin Cosoi, Chief Security Strategist at Bitdefender. “The video seems to actually play for a couple of seconds to entice male users to click. Malware writers faked the number of views so the video seems to have been watched by over a million users.”

Catalin Cosoi continues, “After stealing Facebook information, victims’ profile names are added into the fake YouTube URL parameters. This enables them to make the video seem more legitimate, as it looks like it is posted by users’ friends.”

In an attempt to bypass security, the hackers got their hands on over 60 bit.ly API keys that helped them generate shortened URLs. The unique links are then spread on Facebook timelines. As API keys are randomly selected, blacklisting a couple does not stop the scam from spreading. Bitdefender has notified bit.ly of the issue.

The malware writers used an add-on framework that allows their code to function on several browsers. With Google Chrome, the malicious YouTube video redirects users to a fake FlashPlayer install. The file, detected by Bitdefender as Trojan.Agent.BDYV, drops a password-protected archive and a .bat file on the computer; the .bat file is designed to run the executable in the archive after providing the password as a parameter. With Firefox, the page prompts for a malicious add-on install.

On both browsers, the add-on tags 20 Facebook friends at a time and injects ad services into the page. The extension also fiddles with some of the social network’s functionalities so that users can't delete the malicious posts from their timeline and activity log.

“We advise users to exercise caution before clicking on Facebook videos,” adds Catalin Cosoi. “Keep your antivirus solution and other software updated and warn your friends if you believe they are at risk of becoming malware victims.”





Copyright 1998-2014 by Help Net Security.