By: ThreatLabz

Cashing In On ‘ScamBook’

Scam

Last week, Umesh blogged extensively about the Facebook Scams. The previous scams have demonstrated that Facebook is struggling to contain these attacks. While some attacks seek to spread malicious code, many that we see are attempts to profit from shady advertising.

Yesterday I saw a posting on a friend's Facebook wall entitled “DOG ATTACKS A KID! Real video!”.



Clicking on the link lands you on a fake “YouTube” page which is actually hosted at the “watch.in” domain. This page asks the victim for “Security Verification” to comply with YouTube's Anti-SPAM regulations.



This is simply social engineering, an attempt to build trust with the victim and lead them to believe that the site is legitimate. The page prompts the victim to solve a CAPTCHA for verification (the CAPTCHA image never changes, even if you refresh the page repeatedly).

After solving the CAPTCHA and clicking submit, the victim is sent to another page which asks them to take a YouTube survey for “Age Verification”.


This is where the attacker generates his profit. Clicking on any of the survey links takes the victim to a third-party survey which earns the attacker a few cents for every survey completed.



Additionally, the text which the victim enters is never verified against the CAPTCHA string. Instead it is used as a comment, and the malicious post is then added to the victim’s wall to further spread the scam to the victim's other friends.



As shown in the snapshots above, even if one enters a malicious URL in the CAPTCHA field, it will be posted on the wall. This vector can be used to redirect victims to malicious sites and cause further damage.

This attack spreads with varying video and title entries. Yesterday the postings were entitled “DOG ATTACKED A KID!”; today the newer malicious postings are titled "this woman has ..! LOL".
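Two of the observations above can be turned into simple checks: a video-bait post whose link does not actually resolve to YouTube, and a "CAPTCHA" image that is identical on every reload. The following is an added example (not code from the original post or from Zscaler); the sample posts are constructed from the titles and the "watch.in" domain quoted above, and the bait phrase list is an assumption.

```python
import hashlib
import re
from urllib.parse import urlparse

# Constructed sample wall posts modelled on the campaign described in the post.
SAMPLE_POSTS = [
    {"title": "DOG ATTACKS A KID! Real video!", "url": "http://watch.in/video?id=123"},
    {"title": "this woman has ..! LOL", "url": "http://watch.in/play/abc"},
    {"title": "Our conference keynote", "url": "https://www.youtube.com/watch?v=xyz"},
    {"title": "DOG ATTACKED A KID!", "url": "https://youtu.be/abc"},
]

# Hostnames that are genuinely YouTube; a "YouTube" page anywhere else is a lookalike.
YOUTUBE_HOSTS = {"youtube.com", "www.youtube.com", "m.youtube.com", "youtu.be"}

# Assumed bait vocabulary: shock hooks and "real video" style phrasing.
BAIT_RE = re.compile(r"real video|attack|lol|omg|shocking|!", re.IGNORECASE)


def is_youtube_host(url):
    host = (urlparse(url).hostname or "").lower()
    return host in YOUTUBE_HOSTS


def score_post(post):
    """Return the reasons a wall post matches the survey-scam pattern (empty = clean)."""
    reasons = []
    if BAIT_RE.search(post["title"]):
        reasons.append("bait title")
    if not is_youtube_host(post["url"]):
        reasons.append("video-style post hosted off YouTube")
    # The pattern from the post needs both signals; either one alone is weak evidence.
    return reasons if len(reasons) == 2 else []


def flag_scam_posts(posts):
    """URLs of posts that look like the scam, for review or blocking."""
    return [p["url"] for p in posts if score_post(p)]


def captcha_is_static(image_bytes_per_load):
    """True when every reload served the same CAPTCHA image (a real CAPTCHA varies)."""
    digests = {hashlib.sha256(b).hexdigest() for b in image_bytes_per_load}
    return len(image_bytes_per_load) > 1 and len(digests) == 1


if __name__ == "__main__":
    print(flag_scam_posts(SAMPLE_POSTS))
    # Constructed image bytes standing in for three reloads of the fake page.
    print(captcha_is_static([b"PNG-fake-captcha"] * 3))
```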


This is yet another fake advertising campaign designed to earn money by coercing victims into completing surveys. Facebook needs to take steps toward stopping these deceptive postings, as they are becoming far too common. Be on the lookout for these and other, more malicious, Facebook scams.

Until then, enjoy Facebook but think before you click…

- Ajit Hatti
