Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:

  • Recent Posts

  • Calendar

    August 2014
    S M T W T F S
    « Jul    
     12
    3456789
    10111213141516
    17181920212223
    24252627282930
    31  
  • About Us

    Wouldn’t it be cool if you had immediate access to your favorite music and bands? What if these are readily available on your favorite social networking site?

    Unfortunately, spammers also find this cool. We recently noted messages and wall posts circulating on Facebook that promote a supposed new music player feature. Below is a screenshot of what these spammed messages typically look like.

    Click for larger view

    The script used in this spam run is now detected by Trend Micro as JS_FBJACK.B. Similar to other previously reported Facebook spam runs, once users access the alleged link, they are redirected to a site that tells them to follow several steps. The first of which is to copy a particular snippet of code onto their browser address bars, reminiscent of the “See You… In 20 Years!” Facebook attack, which spread via multiple features.

    Once done, the malicious script accesses the affected user’s Facebook friends list. From this list, it creates wall posts and sends chat messages to the accumulated Facebook contacts. The wall post and message read:

    “FaceBook finally added a profile music player! I’ve been wanting one of these forever! [LINK]” 

    The post contains any of the following links:

    • http://{BLOCKED}ures.webs.com/profilemusicplayer.htm
    • http://{BLOCKED}okfeatures.webs.com
    • http://{BLOCKED}ures7.webs.com/aboutme.htm
    • http://{BLOCKED}cplayer.webs.com
    • http://{BLOCKED}ilemusic.webs.com

    All of the links above currently redirect to a single URL, a scam site telling the affected users that they won a certain prize. The site then asks them to give out personal information.

    Click for larger view

    Trend Micro product users need not worry, however, as they are already protected from this kind of attack via the Trend Micro™ Smart Protection Network™.

    For more information on social-networking-related attacks, users may also refer to our comprehensive report entitled, “Spam, Scams, and Other Social Media Threats.”





    Share this article
    Get the latest on malware protection from TrendLabs
    Email this story to a friend   Technorati   NewsVine   MySpace   Google   Live   del.icio.us   StumbleUpon






     

    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice