While much attention is focused on Facebook scams and trojans involving Osama bin Laden's death, Facebook users should be aware of another new way scammers are spreading links to rogue sites. They have begun to circulate convincing links claiming to be stories from Wired News about the iPhone 5. This scam takes advantage of Facebook's new social plugin that lets third-party websites embed Facebook comments, M86 Security Labs reports.
If a Facebook user clicks on the link, the user is instead sent to one of several random .info sites. M86 says it has documented over 10 of these sites for this particular scam. Once there, the user is asked to answer a CAPTCHA-like verification form, such as "what is 3 + 2?", but the user cannot see where the typed answer actually goes. Once the user answers, this "actually results in the user leaving a comment for the .info website through the use of the Facebook social-plugin layer for comments," says M86.
OK, many users might fall for this so far, but the funky thing here is that the user is then asked to download a file such as "videogameboxinstaller.exe" which tries to convince people to agree to install it because it will let them "like" anything on the Web. Naturally, the file also installs other software which allows the application to serve the user adware. It then tries to convince the user to sign up and send in money to become an "affiliate member."
The good news is that the file may be blocked by at least some antivirus software programs, as the files used tend to belong to a known family of malware dubbed Adware.Yontoo.
While it may seem obvious that downloading software from a Facebook link is a Very Bad Idea, and no one should do it, M86 says that it tracked at least 100,000 clicks to the few fake .info sites it was tracking, which helps propagate the scam and increase exposure to the rogueware.
The Osama bin Laden scam falls more in line with what antivirus maker AVG reports is the typical Facebook scam. These center on a link to a seedy video, in this case one that claims to show bin Laden's dead body. If a user clicks, the user is sent to a site that offers a survey and then wants to text the results to a cell phone. The fine print says that the user now agrees to pay $10 a month on the user's cell phone bill. On top of that, sometimes scammers throw in some pure clickjacking where users are asked to click a button which is actually a Like button hidden by a transparent GIF. The video then shows up in the user's news stream as a "liked" video, which spreads the link to the user's friends.
According to a report issued in April by AVG, "Last year, we used to see an average of one such campaign per week, usually running on weekends, and usually netting 200k-300k victims, but this has now accelerated to a fresh campaign every other day or so."
Facebook, for its part, doesn't seem to be letting these scams run rampant, but is blocking them when it becomes aware of them. The best defense for Facebook users is to know that legitimate websites don't make their readers answer CAPTCHA questions, take a survey, or install software just to read a story or watch a video.