Painful Facebook Malware? Only When I Laugh.

Juraj Malcho, Head of Lab at Bratislava, reports:

We've just encountered what appears to be a new Facebook scam in the wild. As of this moment we haven't seen any malicious content being served, but the content is changing even as I’m writing this post and it’s likely to serve malware soon. It spreads by adding a link on the Facebook wall, such as
"try not to laugh xD
 
If a logged-in user clicks the link, the same message gets posted on his wall. A few minutes ago, nothing else happened after that, and the site that we presume will deliver the payload was returning an empty IFRAME redirect. However, right now it serves a clicking game which counts how many times you’re able to click your mouse within 5 seconds.

We advise that you take care and do not click any similar links while browsing other people’s Facebook walls. As is typical with social engineering tricks such as this, it’s likely that eventually Rogue AVs or other dubious applications will appear, trying to persuade you to install them.

We'll keep you informed as the situation changes, of course.

[Update: I notice that Mikko Hypponen at F-Secure and Graham Cluley at Sophos have also blogged on this in some detail: the fact that we've all blogged so close together does suggest that this has been spreading pretty fast. However, after Mikko rang a number that appeared to be associated with the site in question, the site in question went offline. Mikko's account of the incredible disappearing Facebook threat is at http://www.f-secure.com/weblog/archives/00001955.html. We will, nevertheless, let you know if there are any further developments. :-) ]

David Harley FBCS CITP CISSP
ESET Research Fellow and Director of Malware Intelligence
 

Author David Harley, ESET

  • Ginna Lopez

    10.05.21 Fri 10:49p PHT
     Greetings from Manila in the Philippines !
    I've been using ESET NOD32 for almost two years now and have just renewed my Lic another year.
    My updates are at this moment CURRENT (5136 / 2010.05.21) – was wondering IF you've already 'informed' your product about this latest finding.
    It's very important to me because I spend a lot of time on Facebook – though I don't generally play any games or watch Videos – BUT I do post many a link to their Site from others, so you can imagine my concern.
    Allow me to take this opportunity to say I LOVE YOU ESET and THANK YOU – keep up the great work people !
    Ginna from Manila

    • Randy Abrams

      We’re delighted you are happy :)

      Randy Abrams
      Director of Technical Education

  • kkg_

    Opera user… Kudos for that.
