Without a doubt, Facebook is the most popular social networking site today among users and cybercriminals alike. Every now and then, Trend Micro discovers threats that ride on the popularity of the said social networking site. For instance just last week, Trend Micro researcher Rik Ferguson reported a new variant of Koobface propagating via Facebook.
Earlier today, Trend Micro was alerted of another Facebook attack involving a dancing girl’s video and a bogus Facebook website. Spammed messages supposedly from Facebook entice users to click on the link to view the said video. The email seems legitimate and utilizes ‘appealing’ subjects like Facebook Message: Girls Dancing on facebook Video (Last rated by Fannie Cano), FaceBook message: Dancing girl oriental dance … (Last rated by Abdul Kay), and FaceBook message: Hot Girl Dancing At Striptease Dance Party to name a few. Here’s a screenshot of the email message:
Figure 1. Sample spam message
Clicking the link lands users to a bogus Facebook site that asks the user to install the malicious file, Adobe_Player11.exe to watch the video. Trend Micro detects this file as TSPY_PAPRAS.AX. PAPRAS variants are info-stealers that launch a carnivore sniffer to retrieve passwords from network packets. It then sends gathered information to a remote site.
Facebook’s fame has definitely made it a good avenue for cybercriminals to proliferate malware. Here are some of the notable Facebook attacks in the past:
- New Variant of Koobface Worm Spreading on Facebook
- A Second Rogue Facebook Application in Just a Week?
- Rogue Facebook App Linked to Blackhat SEO
- Return of the Facebook Photo Scam
- So Is It Twitter or Facebook?
As always, users are advised to be vigilant in opening any emails even if it is supposedly from a known source.