Facebook hit with likejacking attack

By Stefanie Hoffman on Dec 2, 2010 1:43 PM
Filed under Components

And a malware attack that circulates a Zeus variant.

Facebook users have once again been hit with a Likejacking ploy and Zeus variant, aimed at tricking them into downloading malware designed to compromise their computers.

In the latest scam, detected by researchers at Sophos, users receive a message, allegedly from one of their friends, that states "I can't believe a GIRL did this because of Justin Bieber" coupled with a link to a YouTube knock-off site called "FouTube."

However, the Facebook "Like" option leads to a likejacking scam, resembling many of the attacks that circulated on Facebook earlier this year, according to Chester Wisniewski, a Sophos senior security advisor. Instead of spreading malware, the attack displays a survey and tricks users into subscribing to an SMS service at an exorbitant rate on their mobile phones. The attack also displays an offer to purchase Facebook Groups/Fan pages, supposedly to help propagate the scam.

Experts say that this attack differs from others in that it exploits users who "Like" the video.

"Most Facebook attacks I have looked at recently were rogue Facebook applications rather than simply liking a Web page," Sophos' Wisniewski said in a blog post Tuesday. "This one is quite poorly crafted, yet it is still spreading quite quickly amongst Facebook users who can't seem to get enough Justin Bieber."

Users who have accidentally "Liked" the Justin Bieber Web page should visit their Facebook Wall and remove the "Like," Wisniewski recommended.

Meanwhile, Merianne Polintan, Trend Micro anti-spam research engineer, warned that another malware attack is circulating on the site, involving spammed messages that appear to come from Facebook. The fake messages, written in grammatically incorrect English, falsely warn users that their IP addresses were sending numerous spam messages to different e-mail addresses.

The message then suggests that users download an offered freeware tool called FB IPsecure, which claims to be from Facebook, so that they can put a stop to the spammed messages coming from their machine.

In reality, however, the download is a malicious Zeus variant, aimed at taking control of a user's computer once installed.

The attack isn't much different from Zeus-related malware attacks previously circulating on Facebook, experts say.

Even so, Trend Micro researchers warn that users should be cautious when opening unfamiliar or suspicious-looking links on Facebook.

"In particular, messages that supposedly come from reputable sites like Facebook but contain plenty of grammatical and spelling mistakes should be treated as very suspicious," Polintan warns.

This article originally appeared at crn.com

 
 

Copyright © 2011 United Business Media LLC. All rights reserved.
