View Full Version : Rogue Facebook Private Messages Lead to Scareware

19-01-2011, 03:13 AM
http://img.photobucket.com/albums/v708/starbuck50/facebook-1.jpg Security researchers from CA warn of a scareware distribution campaign which spams Facebook users with malicious links via private messages.

The rogue messages read "I got you a surprise" and contain a link which takes users to a website hosted at blogspot.com.

The landing page is designed to look exactly like a Facebook one, down to the advertisements on the right sidebar.

This is meant to trick users into believing they are still on the social networking site.

The page shows a gift image with an associated message that reads "Hey buddy! If you're here, then someone of your friends had made up a surprise for you!"

Clicking anywhere inside the page prompts users to download a file called surprise.exe, which according to Akhil Menon, a CA security researcher, is a Trojan downloader which further installs scareware on the infected machine.

"An unaware user inquisitively would download and run the file thinking that it is really being sent by a friend on facebook and would infect his machine right away," the research notes.

The scareware programs will immediately start bombarding users with alerts about non-existent threats allegedly found on their computers in an attempt to trick them into paying for a license.

Private message spam is not uncommon on Facebook, but it seems the use of this technique recently increased in association with malware distribution attacks.

Just a few days ago we reported about a new Koobface campaign spreading via similar messages and directing people to fake videos.

Users are advised to be extra careful when visiting links received on social networking sites, even when they appear to be sent by a friend. To protect themselves from clandestine attacks, a capable and updated antivirus program should run on their computers at all times.

If any website offers an executable file for download without the user particularly asking for it, it's most likely an attempt to infect them. Online scanning services like Virus Total can be used to check suspicious files.

Rogue Facebook Private Messages Lead to Scareware - Softpedia (http://news.softpedia.com/news/Rogue-Facebook-Private-Messages-Lead-to-Scareware-179022.shtml)