Shortcuts

Facebook Scam Promises iPhone 5 News

rated by 0 users
This post has 2 Replies | 0 Followers

Top 10 Contributor
Posts 26,074
Points 1,182,895
Joined: Sep 2007
ForumsAdministrator
News Posted: Mon, May 2 2011 11:20 PM

While much attention is focused on Facebook scams and trojans involving Osama bin Laden's death, Facebook users should be aware of another new way scammers are spreading links to rogue sites.  They have begun to circulate convincing links claiming to be stories from Wired News about the iPhone 5. This scam takes advantage of Facebook’s new social plugin for websites that allow for comments, M86 Security Labs reports.  

If a Facebook user clicks on the link, the user is instead sent to a random .info site. M86 says it has documented over 10 of these sites for this particular scam. Once there, the user is asked to answer a CAPTCHA-like verification form, such as "what is 3 + 2?", but the user is not allowed to see the info typed in response. Once the user answers, this "actually results in the user leaving a comment for the .info website through the use of the Facebook social-plugin layer for comments," says M86.

OK, many users might fall for this so far, but the funky thing here is that the user is then asked to download a file such as "videogameboxinstaller.exe" which tries to convince people to agree to install it because it will let them "like" anything on the Web. Naturally, the file also installs other software which allows the application to serve the user adware. It then tries to convince the user to sign up and send in money to become an "affiliate member."

The good news is that the file may be blocked by at least some antivirus software programs, as the files used tend to belong to a known family of malware dubbed Adware.Yontoo.

While it may seem obvious that downloading software from a Facebook link is a Very Bad Idea, and no one should do it, M86 says that it tracked at least 100,000 clicks to the few fake .info sites it was tracking, which helps propagate the scam and increase exposure to the rogueware.

The Osama bin Laden scam falls more in line with what antivirual maker AVG reports is the typical Facebook scam. These center on a link to a seedy video, in this case one that claims to show bin Laden's dead body. If a user clicks, the user is sent to a site that offers a survey and then wants to text the results to a cell phone. The fine print says that the user now agrees to pay $10 a month on the user's cell phone bill. On top of that, sometimes scammers throw in some pure clickjacking malware where users are asked to click a button which is actually a Like button hidden by a transparent GIF. The video then shows up in the user's news streams as a "liked" video.

According to a report issued in April by AVG, "Last year, we used to see an average of one such campaign per week, usually running on weekends, and usually netting 200k-300k victims, but this has now accelerated to a fresh campaign every other day or so."

Facebook, for it's part, doesn't seem to be letting these scams run rampant, but is blocking them when it becomes aware of them. The best solution for Facebook users is to know that legitimate websites don't make their readers answer CAPTCHA questions or take a survey just to read a story or watch a video.

  • | Post Points: 35
Top 50 Contributor
Posts 3,236
Points 37,910
Joined: Mar 2010
AKwyn replied on Tue, May 3 2011 12:34 PM

Ugh, all of these scams; when are people going to learn how to notice and avoid them?

 

"The future starts with you; now start posting more!"

  • | Post Points: 5
Not Ranked
Posts 1
Points 5
Joined: May 2011

Hello -

My name is Jennifer and I am the marketing coordinator for Theme Your World LLC, the company that owns the PageRage software. For clarification, Theme Your World LLC is not complicit in this scam activity, rather, the scammers are using the company’s PageRage software and its affiliate program in order to make money off of unsuspecting Facebook users.

We have investigated this issue and have taken the corrective action against the affiliate. They have been shut-down.

Best Regards,

Jennifer

Theme Your World LLC

  • | Post Points: 5
Page 1 of 1 (3 items) | RSS