Besides the fake Facebook Profile Viewer ruse, we found another Facebook scam that lures users into downloading a fake Adobe Flash Player plugin. We noticed countless feeds pointing to a Facebook page with more than 90 million “likes”. For some, this huge number of Facebook likes may be enough for them to check the page out. It also means that the page is quite popular and may lead users into thinking that it is legitimate and harmless.

Figure 1. Spammed Facebook post

However, we verified that this 91 million Likes is not true at all and is merely a social engineering lure. Once users visit the page, they are instead lead to this site.

Figure 2. Users are lead to this site that host fake Adobe Flash plugin

From the looks of it, the page is supposed to host an Adobe Flash Player plugin (detected as TROJ_FAKEADB.US). If user downloads the plugin and is browsing the page via Google Chrome, the page will automatically close and a Chrome extension file is dropped. This extension file is detected as TROJ_EXTADB.US.

Once installed, the malware will spam the same post using the affected user’s account (even tagging their friends in the message.) Also, TROJ_EXTADB.US was found to send and receive information from certain URLs. We already blocks access to all the URLs related to this threat.

Read the rest of this entry »

Possibly the most common sham seen on social networking sites, survey scams have certainly figured prominently in this year’s Web threat story. Phishing scams aimed at sites like Facebook are also prevalent this year. Before we bid 2012 goodbye, we give you a rundown of some Facebook-themed scams and threats we saw during the last week of December.

Choose Your Facebook Theme Scam

Possibly an incarnate of last February’s fake Facebook Valentine’s theme, we saw two scams that peddle new color themes for Facebook. The first scam promises a red or black Facebook theme. This scam was even found spreading on Tumblr.

Read the rest of this entry »