
    We recently discovered a Facebook attack that uses the business-related social networking site LinkedIn as a redirector site. The attack begins with a wall post that bears the subject, “The Video That Just Ended Justin Biebers Career For Good!” Clicking the URL in the image creates a similar wall post on affected users’ accounts.


    This Facebook attack using LinkedIn is new, as cybercriminals normally employ URL shorteners and Facebook fan pages to point users to malicious sites. The use of a legitimate site definitely increases the possibility that users will dismiss any suspicions that the post might be a malicious threat. In the past, we also reported various attacks that employed URL shorteners here:

    Although Facebook displays a warning about the possible malicious URL activity, the malicious URL can still be accessed via the site.


    As seen in the warning, the URL to which the user will be redirected is not really under the LinkedIn domain; the LinkedIn link is a redirector to another URL. We find it unusual that LinkedIn would allow this type of redirector script on its site without performing some sort of check. Clicking Continue leads users to http://{BLOCKED}, which shows a video player-like interface with a supposed video of famous singer Justin Bieber.
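A URL filter can apply the same check the warning implies: look inside a link on a trusted domain for the destination it actually carries. The following is an added example, not Trend Micro's code; the hostnames and the `url`/`u` parameter names are constructed placeholders, and comparing sites by their last two labels is a simplifying assumption.

```python
from urllib.parse import urlsplit, parse_qsl


def _site(host):
    # Assumption for this example: a "site" is the last two DNS labels.
    # A production filter should use the Public Suffix List instead.
    return ".".join((host or "").lower().rstrip(".").split(".")[-2:])


def embedded_targets(url, max_depth=3):
    """Return absolute http(s) URLs carried in query parameters,
    following wrappers nested up to max_depth levels."""
    found, pending = [], [(url, 0)]
    while pending:
        current, depth = pending.pop()
        if depth >= max_depth:
            continue
        try:
            query = urlsplit(current).query
        except ValueError:  # malformed URL, nothing to unwrap
            continue
        # parse_qsl percent-decodes each value once per nesting level
        for _name, value in parse_qsl(query, keep_blank_values=True):
            value = value.strip()
            if value.startswith("//"):  # scheme-relative destination
                value = "http:" + value
            try:
                parts = urlsplit(value)
            except ValueError:
                continue
            if parts.scheme in ("http", "https") and parts.hostname:
                found.append(value)
                pending.append((value, depth + 1))
    return found


def offsite_destinations(url):
    """Embedded destinations whose site differs from the link's own site."""
    outer = _site(urlsplit(url).hostname)
    return [t for t in embedded_targets(url)
            if _site(urlsplit(t).hostname) != outer]


# Constructed sample: a trusted-looking link wrapping a second redirector.
SAMPLE = ("https://www.trusted.example/redir?url=https%3A%2F%2Fshort.example"
          "%2Fgo%3Fu%3Dhttp%253A%252F%252Fsurvey.example%252Fvideo")

if __name__ == "__main__":
    for dest in offsite_destinations(SAMPLE):
        print("off-site destination:", dest)
```

A filter would then evaluate the reputation of each returned destination rather than that of the outer domain.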


    Clicking the Play button redirects the browser to http://{BLOCKED}, which displays a window that asks users to answer a survey before they can view the contents of the Justin Bieber video. It also informs users that they can get a US$1000 Walmart gift card or a gift from Facebook if they answer the fake survey. The malicious script that performs the redirection is detected by Trend Micro as JS_FBJACK.D.


    After completing the survey, users will find that the said video doesn’t exist. Once again, the cybercriminals behind this attack benefit from those who paid to answer the online survey. In addition, this can also pave the way for malware infection and information theft.

    Trend Micro protects users from this attack via the Smart Protection Network™ that blocks all related URLs in order to prevent users from accessing the malicious sites.

    As cybercriminals consistently find new ways to trick users into participating in their schemes, it is of utmost importance that users know about the nature of these threats as well as how they can protect themselves. Social media users may check our report, “Spam, Scams, and Other Social Media Threats”.



    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice