Update: added the orginal non-Photoshopped picture used for the Facebook-scam

The release of ESET NOD32® Antivirus and ESET Smart Security® version 6 also saw the birth of ESET’s Social Media Scanner, a free Facebook Application that protects your profile from malicious content by making sure that the content of your wall, newsfeed and private messages are checked for threats even when you are not logged in.  If an infection is found, you are notified by email and can take immediate action.

With almost 25 years in the industry, some personal ego boosting is allowed: I have lots of “friends” all around the world active in the same industry. I received a “shared” messages from one of them about “a leaked scandal video of Justin Bieber and Selana Gomez” promising a “naked Justin Bieber”, with as a teaser a Photoshopped picture, which we for family-friendness censored a bit.

And, for your own curiosity, if you want to know why this is Photoshopped, if you search the Internet for images of a Canadian singer Justin Bieber and American actress Selena Gomez together, you’ll easily find other images from the same “series” that are more family-friendly, if not as enticing. UPDATE: And you even find the original non-Photoshopped version of the picture used in the Facebook scam.

Shortly after the message was sent to my Facebook wall, I received a message from ESET’s Social Media Scanner.

The message is a click-jacking campaign that spreads on Facebook, eventually redirecting the user to URL that “hosts” a fake video. Or so the user thinks. First the user has to fill in a survey, automatically agreeing to a trivia subscription service with 3 questions per week for only $3 per question. The video is never shown. A similar campaign is documented here

ESET’s Social Media Scanner is connected to ESET’s LiveGrid, a cloud powered real-time protection scanner that protects against online based internet threats and online social-media exploits… Through ESET’s LiveGrid we have seen 522 unique URLs and 148 unique domains over the last week having the same detection (Trojan.JS/TrojanClicker.Agent.NDW), all promising the same or a similar video.

It is interesting to see how social engineering with this type of content has moved from e-mail to social media.  In 2001 it was the Dutch Jan de W. who spread the Anna Kournikova virus by e-mail where the e-mail claimed if you clicked the “link” it would show a “naked” Anna Kournikova.

As the attached file was a Visual Basic Script file that would destroy a lot of graphical files and the malware spread to all people in your address book by sending them the same message.

People make weird decisions when they are promised a naked celebrity. What was more shocking was that at that time I talked to a customer that tried to double click the malicious attachment and found the action blocked by the anti-virus program of the company I was working for at that time. As he wanted to see the “naked Anna Kournikova” he actually disabled the anti-virus protection, but of course they never got the desired picture. He wanted to know what he had to do otherwise to get that picture! Sigh!

It shows that people fall for social engineering if the stipulation is good enough. Times have changed and now it is Justin Bieber and not Anna Kournikova who is used to trick gullible people into clicking on links in their Facebook messages. But regardless of who the celebrity is, it seems that promising to show a naked picture of them still does work.

Of course I informed my friend at the competitor about the malicious content he forwarded. It turned out that he actually forwarded the same message he received from a colleague of his. Makes you wonder about the security policies active in that anti-malware company wink

Oh yes, I really have to say this too: Why on Earth does “one of my friends” think I have ANY INTEREST AT ALL in a NAKED Justin Bieber! But by all means: Leave the kid alone. That is what I would wish if he was my kid! Wouldn’t you?

Why this blog is promoted as “Scandal Video of Justin Bieber: Just Don’t Click Here!!!”… We do not want you to use the social network icons above and “Like” the blog on Facebook, “Share” the blog on LinkedIn, “Tweet” about the blog on Twitter, “Share” the blog on Google+, by any means, please do not  make this the most watched blog by social engineering!