Yet Another Facebook Scam – You Look So Stupid In This Video

May 16, 2011 - 2 Min. de leitura

Conteúdo

Article
Mais blogs

Today, we have come across yet another rapidly spreading Facebook scam. The ultimate aim of this scam is to coerce Facebook users into completing various surveys which in turn generate money for the scammer. The messages arrive with embedded Flash video and different messages such as “WTF!! You look so stupid in this video” or “yo, why are you on this video” etc. Below is a screenshot of such messages:

The post displays fake meta data showing the number of “Views”, “Likes”, etc. to make the posts appear more genuine. When a user clicks on the video link, the Flash file loads in the background. Once the loaded, it prompts the user to play a fake video. When the user clicks again to play the video, it looks like,

The above message displays instructions with keyboard shortcuts that cause the victim to paste clipboard information in the address bar. The flash file itself sets the clipboard data with malicious JavaScript which further spreads the attack. Here is what the malicious JavaScript looks like:

Let’s format this for better readability. Here is a formatted version:

If user runs this malicious JavaScript in the address bar, the script will randomly load one of two JavaScript files from different domains. The “config.js” is actually used to further spread this scam using different descriptions of the video. This JavaScript file not only posts the same flash video message to user’s wall, but also their friends walls. Here is partial screenshot of “config.js” file:

The above code contains all the configuration settings for spreading this message with different text messages and different domains. The “config.js” file also contains the code for posting the message to wall of every Facebook friend.

Here is what the source of “verify.js” looks like:

The above file references yet another JavaScript file. This referenced file is used to keep track of real time stats. The user is further prompted with message box asking “Please verify your identity” by taking surveys as shown below:

It will keep checking for the survey to be completed even if you click “Complete” button without taking the survey. This is yet another scam run by attackers to earn some money by encouraging Facebook users to complete surveys that pay for completion. This is not the first time we have seen such a scam spreading on Facebook. Attackers are doing an excellent job by taking advantages of both social engineering and social networking.

Believe me - I don’t look stupid in that video!

Umesh

Obrigado por ler

Esta postagem foi útil?？

Sim, muito útil!

Na verdade, não

Aviso legal: este post no blog foi criado pela Zscaler apenas para fins informativos e é fornecido "no estado em que se encontra", sem quaisquer garantias de exatidão, integridade ou confiabilidade. A Zscaler não se responsabiliza por quaisquer erros, omissões ou por quaisquer ações tomadas com base nas informações fornecidas. Quaisquer sites ou recursos de terceiros vinculados neste post são fornecidos apenas para sua conveniência, e a Zscaler não se responsabiliza por seu conteúdo ou práticas. Todo o conteúdo está sujeito a alterações sem aviso prévio. Ao acessar este blog, você concorda com estes termos e reconhece que é de sua exclusiva responsabilidade verificar e utilizar as informações conforme apropriado para suas necessidades.