Facebook video scam containing a funny video is a Trojan which steals your Facebook information

You may have heard about a lot of Facebook scammers exploiting tragedies around the world for profit. Here is a report of scammers doing quite the opposite. A new funny video is spreading virally on Facebook. It is supposed to amuse Facebook users and sharers but instead leaves a not-so-hilarious Trojan in its wake on users’ computers. The scam was discovered by security research firm Bitdefender.

Bitdefender says that the malware, believed to originate from Albania, can access a large amount of data from the user’s internet browser. As with the tragic video scams perpetrated on Facebook, this scam begins with a message about a funny video from a known Facebook friend. Humor is the quickest way to garner attention, and once the victim clicks on the video, he/she is directed to a clone YouTube page. After stating that their Flash Player is not up to date, this page redirects victims to a malicious Flash Player.exe posing as an Adobe update.

Catalin Cosoi of Bitdefender stated that, “Scammers have created over 20,000 unique URLs that redirect victims to malicious websites and a fake alluring YouTube video, showing a woman taking her clothes off on a webcam. The video seems to actually play for a couple of seconds to entice male users to click. Malware writers faked the number of views so the video seems to have been watched by over a million users.”

Catalin further added, “After stealing Facebook information, victims’ profile names are added into the fake YouTube URL parameters. This enables them to make the video seem more legitimate, as it looks like it is posted by users’ friends.”

In an attempt to bypass security, the hackers got their hands on over 60 bit.ly API keys that helped them generate shortened URLs. The unique links are then spread on Facebook timelines. As API keys are randomly selected, blacklisting a couple does not stop the scam from spreading. Bitdefender has reported that it has notified bit.ly of the issue and made them aware of the bit.ly links being used to scam innocent victims.
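
Because the short links are disposable, a defender gets more from blocking where they land than from chasing individual links or API keys. The following is an added example, not code from Bitdefender or from this article: it groups expanded short links by landing host and flags hosts that imitate a YouTube watch page. The hosts, the `/watch?v=` URL shape, and the `name` parameter are constructed assumptions.

```python
from collections import defaultdict
from urllib.parse import parse_qs, urlsplit

# Constructed sample: (short link, expanded destination) pairs, as a proxy or
# URL-expansion log might record them. Hosts, paths and the "name" parameter
# are placeholders, not indicators from the Bitdefender report.
OBSERVED = [
    ("https://bit.ly/aaa111", "http://yotube-video.example/watch?v=x1&name=Jane.Doe"),
    ("https://bit.ly/bbb222", "http://yotube-video.example/watch?v=x1&name=John.Roe"),
    ("https://bit.ly/ccc333", "http://yotube-video.example/watch?v=x1&name=Ann.Poe"),
    ("https://bit.ly/ddd444", "https://www.youtube.com/watch?v=realvideo"),
    ("https://bit.ly/eee555", "https://news.example/article?id=7"),
    ("https://bit.ly/fff666", "http://clips.example/watch?v=zz9&name=Sam.Lee"),
]

REAL_YOUTUBE_HOSTS = {"youtube.com", "www.youtube.com", "m.youtube.com", "youtu.be"}


def looks_like_youtube_clone(url):
    """True if the URL mimics a YouTube watch page on a non-YouTube host.

    Assumption: the clone copies YouTube's /watch?v=... URL shape.
    """
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if not host or host in REAL_YOUTUBE_HOSTS:
        return False
    return parts.path.rstrip("/") == "/watch" and "v" in parse_qs(parts.query)


def cluster_by_landing_host(pairs):
    """Map each suspicious landing host to the set of short links that reach it."""
    clusters = defaultdict(set)
    for short_link, destination in pairs:
        if looks_like_youtube_clone(destination):
            clusters[urlsplit(destination).hostname.lower()].add(short_link)
    return dict(clusters)


def hosts_to_block(pairs, min_links=2):
    """Landing hosts reached through at least min_links distinct short links."""
    clusters = cluster_by_landing_host(pairs)
    return sorted(h for h, links in clusters.items() if len(links) >= min_links)


if __name__ == "__main__":
    for host in hosts_to_block(OBSERVED):
        print("block landing host:", host)
```

The `min_links` threshold keeps a single stray lookalike link from producing a block entry; lower it to 1 to review every lookalike host.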

The malware author used an add-on framework when writing the malware code. The benefit is that it allows the code to function on several browsers. In Google Chrome, the malicious YouTube video redirects users to a fake Flash Player install. The installed file was detected by Bitdefender as Trojan.Agent.BDYV. This trojan drops a password-protected archive on the computer along with a .bat file designed to run the executable in the archive after providing the password as a parameter. For victims using Firefox, the page prompts for a malicious add-on install which, when clicked, installs Trojan.Agent.BDYV.

After download, it also tags 20 Facebook friends at a time and injects ad services into the page in both browsers. The add-on also recodes the social network’s functionality so that users can’t delete the malicious posts from their timeline and activity log.

“We advise users to exercise caution before clicking on Facebook videos,” adds Catalin Cosoi. “Keep your antivirus solution and other software updated and warn your friends if you believe they are at risk of becoming malware victims.”

Techworm would only advise viewers not to fall prey to such scams: do not open videos or files from unknown sources, even if they are shared by a best friend.
