Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:

  • Mobile Vulnerabilities

  • Zero-Day Alerts

  • Recent Posts

  • Calendar

    August 2015
    S M T W T F S
    « Jul    
  • Email Subscription

  • About Us

    In the past few days, Facebook played host to a string of malicious attacks involving a fake Osama bin Laden video, an event that leads to a site that supposedly allows users to see who has viewed their profiles, and a spam that uses several Facebook features to spread malicious links. These incidents led Facebook users to question the safety and security of the social networking site.

    Unfortunately, the same desire to stay safe from malicious attacks are now being used by cybercriminals to instigate yet another spam campaign. We recently saw several Facebook wall posts that claim to have the ability to verify the security of users’ accounts. Clicking the link to the verification site, according to the posts, is supposed to help the users avoid Facebook spam. In reality, however, accessing the site is just another ploy to instigate the very same threat that the user wants to prevent.

    Similar to previously reported Facebook threats, this spam run starts from a wall post supposedly made by an online contact. The post encourages the users to verify the safety of their Facebook accounts by clicking an embedded link with the text, ==VERIFY MY ACCOUNT==. Clicking the link immediately redirects the users to a site that runs a specific malicious script.

    Click for larger view

    The script collates a list of the affected users’ Facebook contacts and displays the same text on their walls. Detected by Trend Micro as JS_DOOLF.SPM, the script also displays an alert that says Verification Failed. Click OK and follow the steps to prevent your account from being deleted.

    The alert also points to a document supposedly hosted on http://{BLOCKED}, which is no longer accessible.

    Click for larger view

    Reports say that the attack from which the campaign originates uses a different social engineering lure—a rather offensive message and a call to vote for a girl named Nicole Santos. A Facebook spokesperson was interviewed about the said attack and confirmed that the spammed message spread because of a bug in their code that has since then been resolved.

    Trend Micro product users need not worry, however, as they are already protected from this threat via the Trend Micro™ Smart Protection Network™.

    For more information on social-networking-related attacks, users may also refer to our comprehensive report entitled “Spam, Scams, and Other Social Media Threats.”

    Share this article
    Get the latest on malware protection from TrendLabs
    Email this story to a friend   Technorati   NewsVine   MySpace   Google   Live   StumbleUpon


    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice