Weâ€™ve detected an increase in the number of domains containing the word facebook and which belong to malicious websites. What is clear is that cybercrooks are aware of the success of the social networks, especially Facebook, and consider them an entry point to distribute malware or to obtain credentials.
Among them there are the following:
In most of the cases, when you access any of these URLs, a similar interface to real Facebook is displayed, in oder to obtain your access data. Then, you are redirected to the real site not to raise suspicion.
The following image is an example of the fake Facebook site. It may be easily identified not only because the content of the address bar doesnâ€™t belong to the real Facebook but also because part of the text and the images are different:
This image belongs to the fake website:
As you can see, the web address does not belong to the original one:
This image belongs to the real website:
However, the purpose is not always to obtain userâ€™s credentials, as from some of these websites malware is downloaded using the technique drive by download, in which the file is automatically run without userâ€™s intervention.
Weâ€™ve seen that one of the samples that is being distributed through these websites is W32/Lolbot.C.worm.
Surely Facebookâ€™s imitators will continue to appear, so when you access this or any other social network, donâ€™t do it through links received via email, itâ€™s better to type it directly in the address bar of the browser.