- A supposed tape of the couple is used to spread malware to Facebok users
- The worm installs as a Firefox/Chrome browser plug-in to spread the infection
If the user clicks the link, they are taken to a fake Facebook page where they are invited to download a plug-in to watch the video. The page indicates that over 4,000 people have already clicked the “Like” button, which is used by the scammers to trick victims into believing that the video is legitimate.
If the user tries to play the video, the worm will act differently depending on the browser used. On Internet Explorer, the worm displays an age verification page to access an application called “X-Ray Scanner”.
Then, before the user can take any other action, the browser takes them to a typical scam site where they are asked to enter their phone number. However, if they do so, they will start receiving unwanted premium rate text messages.
The infection is even more serious on Firefox and Chrome, as the worm installs a browser plug-in and uses it to post the scam to the victims’ friends’ pages.
According to Luis Corrons, technical director of PandaLabs, “Once again, user curiosity becomes cyber-criminals’ best ally. Scammers exploit people’s interest in this couple to infect users, who click the malicious link and download the worm without taking any precautions. This has two negative effects: on one hand, users infect their own computers; and on the other, a message is automatically sent to all of their Facebook friends.”
Social engineering is cyber-crooks’ weapon of choice to spread their creations through social media. The fact that users themselves unknowingly send the malicious links to friends facilitates malware distribution as people are more likely to click on a link received from a reliable source. There have been similar cases in the past. Last year, for example, over 80,000 users fell victim to a scam exploiting Steve Jobs’s death.
PandaLabs offers users tips on how to avoid falling victim to this type of scam:
- Be wary of websites offering sensational videos or unusual stories.
- Before you click on a link sent by one of your contacts, make sure it has been intentionally sent by your friend and it is not the result of a massive scam like this one.
- Don’t accept friend requests from people you don’t know. This will help keep your privacy safe.
- Always keep your computer’s operating system and Web browsers up to date, and make sure you have an up-to-date antivirus solution installed.
If, however, you suspect you have fallen into the trap:
- Check your browser plug-ins and remove any suspicious ones.
- Check the applications that have permission to access your Facebook account, and delete those you don’t know.
- Change your Facebook account password. If you use the same credentials to sign in to other services as well, change them too. It is always better to take all necessary precautions.
More information is available in the PandaLabs Blog.