We recently discovered a Facebook attack that uses the business-related social networking site, LinkedIn as redirector site. The attack begins with a wall post that bears the subject, “The Video That Just Ended Justin Biebers Career For Good!” Clicking the URL in the image creates a similar wall post on affected users’ accounts.
This Facebook attack using LinkedIn is new, as cybercriminals normally employ URL shorteners and Facebook fan pages to point users to malicious sites. The use of a legitimate site definitely increases the possibility that users will dismiss any suspicions that the post might be a malicious threat. In the past, we also reported various attacks that employed URL shorteners here:
- Facebook Spam Spreads Through Multiple Features
- Bogus Twitter Spam Hits Inboxes
- Shortened URLs in IM Apps Lead to a Worm
Although Facebook prompts a warning about the possible malicious URL activity, the said malicious URL can still be accessed via the site.