Facebook scams now lead to exploit kits
Posted on 23.07.2014
The Facebook scam is a familiar phenomenon to every user of the popular social network, and most of them have fallen for it at one time or another as it only takes a moment of distraction to click on an interesting link.

Most of these scams don't do lasting damage to users or their computers but, as Symantec researchers noted, attackers have lately become more aggressive and are now using Facebook scams to exploit a user's system.

One example is the recent “EXPOSED: Mom Makes $8,000/Month From Home” scam, where victims are ultimately redirected to a third-party website containing an iframe for the Nuclear exploit kit.

The kit checks the victims' systems for exploitable vulnerabilities - usually Java, Adobe Reader, and/or Internet Explorer flaws - and if finds one, drops the Ascesso Trojan on the system.

This particular piece of malware sends spam emails and can download additional malicious files from a remote location.

"The attacker may entice victims to share the following links or they may be shared automatically if the victim’s computer has been compromised," the researchers noted.

If a scam such as this also contains the step where a user is asked to complete a survey before being able to see the offer, the scammer also earns money in the process.

This particular scam has been removed by Facebook but, needless to say, this is just a small bump in the road for the scammers - they will soon come up with a new ruse, so users are urged to be careful when following links shared by friends.


101,000 US taxpayers affected by automated attack on IRS app

The IRS has revealed more details about an attack it suffered last month, mounted by unknown individuals with the aim to file fraudulent tax returns and funnel the returned money to their own bank accounts.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Wed, Feb 10th