Video Screencast Help

Security Response

Showing posts tagged with facebook
Showing posts in English
Nick Johnston | 18 May 2012 14:21:44 GMT

Today sees the highly-anticipated IPO (Initial Public Offering) of the social-networking site Facebook. The IPO is expected to be several times oversubscribed as the demand for shares greatly exceeds the number of shares being issued.

The high-profile nature of this IPO has not escaped the attention of the “419” or the “advance fee fraud” scammers. As a brief reminder, these scams typically promise vast sums of money in exchange for assistance. However, before said sums of money can be received, several increasingly-inventive up-front charges and fees must be paid. The fees keep coming and the promised money never materializes.

We recently spotted a 419 scam message offering a "FACEBOOK (IPO) SUBSCRIPTION PARTNERSHIP PROPOSAL". The use of an all uppercase heading is a common hallmark of such 419 scams.

The scam claims to be sent from a finance firm with offices in multiple locations around the world. The exact nature of the...

khaley | 25 Apr 2012 18:19:22 GMT

It was the best of posts, it was the worst of posts. My apologies to Charles Dickens, but it seems to be the best way to describe two themes I see on Facebook wall posts these days. Let me show you some of the worst ones first:

Yes; these are scams. Posted as legitimate messaging on Facebook user’s walls by bad guys. Blaming Facebook for scams is a little like blaming Al Gore for malware on the Internet. Even if Mr. Gore did invent the Internet, he certainly didn’t invite all those malware authors to join up. I addressed the attraction of Facebook to bad guys some time ago. Here’s the short version: malware authors target people, not computers. Lots of people are on Facebook; malware authors follow.

It all seems like bad news, doesn’t it? But it’s not. Here are some of the best posts...

Mathew Maniyara | 08 Mar 2012 23:50:37 GMT

Co-Author: Ayub Khan

Phishers regularly introduce new types of fake applications with the motive of improving their chance to harvest user credentials. In February 2012, Symantec observed a phishing site recommending a fake application that allegedly removes “Timeline” profile for Facebook users. The phishing site was hosted on a free web hosting site.

The phishing site embedded the Facebook Timeline promotion video from YouTube, with the claim “Remove Timeline Now”. According to this phishing site, users will have their “Timeline” removed from their Facebook profile and get back their old profile page—only after they enter their login credentials. To make the fake application look more authentic, phishers added that it was protected by an antivirus product with the logo of the antivirus brand placed...

Sean Butler | 24 Jan 2012 02:38:43 GMT

Recently, I came across a scam email that is trying to take advantage of the hype surrounding the yet-to-be-released iPad 3. The release date of the iPad 3 is still unknown but spammers are already jumping on the bandwagon in the hope of scamming people who will be eager to get their hands on one of these devices.

The scammers introduce themselves as Mark Zuckerberg, the CEO of Facebook. The email then states how Facebook have joined up with Apple for a one time promotion – to give away an iPad 3 at no cost. This is, of course, all false information but the scam attempts to entice potential victims by stating how they have been randomly selected from a Facebook database. It is possible that a user could potentially be deceived by this ruse if they receive this email to the email address they have used to register with Facebook.

The user is then asked to click on a link and fill out a survey. The goal of the scammers here is to obtain personal information from...

Hardik Suri | 17 Jan 2012 15:53:09 GMT

Facebook scams have become a common propagation vector for scammers to earn commissions. But once in a while, something interesting happens that makes security researchers sit up and take notice. One such case is a scam that is currently fooling victims into downloading a fake browser plug-in.  The scenario is very simple: the victim is lured into watching some video; but instead of asking the victim to share/like the video, (which we have seen in many scams) the scammers present the victim with a fake plug-in download image, which is required to see the video. One such case is described below.

The fake screen is nothing but an image that has been loaded from another site through an iframe. The iframe that loads the fake contents can be seen below:

Upon visiting the iframe-loaded site we are presented with...

Mathew Maniyara | 20 Dec 2011 02:17:51 GMT

Co-Author: Avdhoot Patil

Symantec is familiar with phishing sites which promote fake offers for mobile airtime. In December, 2011, the phishing sites which utilized these fake offers as bait have returned. The phishing sites were hosted with free web hosting.

When end users enter the phishing site, they receive a pop up message stating they can obtain a free recharge of Rs. 100:

Upon closing the pop up message, users would arrive at a phishing page which spoofs the Facebook login page. The contents of the page would be altered to make it look as though the social networking site was giving away free mobile airtime. A list of 12 popular mobile phone services from India would be displayed with their brand logos. Once the page completes...

Nishant Doshi | 27 Oct 2011 11:06:12 GMT

In the last few months we have seen a variety of spam campaigns propagating on social networking websites. Most of these attacks use some flavor of social engineering tactics. Every now and then, we see some innovative social engineering techniques used by attackers. Here is one such technique that tricks the victim into revealing their all-important Facebook Anti-CSRF token.

Cross-site Request Forgery attacks
A Cross-site Request Forgery (CSRF) is a type of attack in which attackers can re-use an already authenticated session to a website to perform unwanted actions on that website without the user’s knowledge or consent. For example, let’s say that a user is logged into his or her banking website. If this bank’s website suffers from a CSRF weakness, then another malicious website (say, can instruct the user’s browser to navigate to...

Candid Wueest | 15 Jul 2011 14:13:27 GMT

The scam waves in Facebook continue, as expected. For example the recent “brother raped his sister” theme has been changed a bit and sent along for a new run on the social network.

It’s the same content that has been used with similar themes over the last few weeks, only the scammers have just added a level of randomization to it. Not only does the text of the message vary a bit each time, but they also add random sub-domains. They are using a combination of words like www, wtf, video, show, play, movie, killer, insane, crazy, or brother in combination with other random parts. A link could for example look like this: http://video.ng4o.[REMOVED].info/watch?v=s4vo4o

For this particular scam we have already seen more than 70 different domains in use. Given the randomization, it’s no surprise that none of the tested links where blocked by Facebook’s redirector, with more than 200,000 people already clicking the links.

To make it even...

Joji Hamada | 13 Jul 2011 15:35:59 GMT

W32.Gammima.AG, an infostealer best known for targeting massively multiplayer online role-playing games, is now also going after a game on Facebook. This is the first time we have encountered the malware going after an app on Facebook.

This particular malware doesn't just target any Facebook user. It’s only interested in collecting login credentials from those who use the Perfect Poker app, which is a game that allows you to play online poker with other Facebook users. The inclusion of Perfect Poker to the list of targeted games in W32.Gammima.AG appears to have taken place around December 2010.

As with other variants of W32.Gammima.AG, which attempt to gather login credentials and steal online coins from the accounts in order to profit, the variant targeting Perfect Poker seeks the same...

Candid Wueest | 06 Jul 2011 10:23:38 GMT

As is the case with every long weekend, the 4th of July weekend brought quite a lot of scams spreading through Facebook. Besides the usual click-jacking, hoaxes, and phishing attacks, one particular scam was discovered that showed the imminent evolution of this type of attack.

As always, the scam commences with a bait message – this time referencing a must-see video of some ex-girlfriend. Interestingly enough, most of the themes that we encounter have been used many times before, but unfortunately people still fall for them.

[Video] - This is what Happend to his Ex Girl Friend!
Play Video! She was Hurting for days, and could not walk!

Once the link is clicked, the user is re-directed to a remote site. Google’s statistics page for that specific link showed that about 15,000 users have clicked on it. Of course, there were multiple links involved, so this figure only indicates an average estimate of...