Free Newsletter
Register for our Free Newsletters
Newsletter
Zones
Access Control
LeftNav
Alarms
LeftNav
Biometrics
LeftNav
Detection
LeftNav
Deutsche Zone (German Zone)
LeftNav
Education, Training and Professional Services
LeftNav
Government Programmes
LeftNav
Guarding, Equipment and Enforcement
LeftNav
Industrial Computing Security
LeftNav
IT Security
LeftNav
Physical Security
LeftNav
Surveillance
LeftNav
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
 
News

Facebook video scam results in malicious update

BitDefender UK : 22 July, 2014  (Technical Article)
Bitdefender is warning Facebook users of a fast spreading funny video scam on Facebook that leaves users exposed to a malware re-direct
Facebook video scam results in malicious update

A new ‘funny’ video spreading on Facebook leaves a not-so-hilarious Trojan in its wake on users’ computers, according to research by Bitdefender. The malware, believed to originate from Albania, can access a large amount of data from the user’s internet browser. The antivirus software provider advises Facebook’s 30 million UK users to be cautious of this new threat

The scam begins with what appears to be a funny video of a Facebook friend. Once the video is clicked on, users are directed to a fake YouTube page, which then redirects them to a malicious Flash Player.exe for an Adobe ‘update.’

“Scammers have created over 20,000 unique URLs that redirect victims to malicious websites and a fake alluring YouTube video, showing a woman taking her clothes off on a webcam,” states Catalin Cosoi, Chief Security Strategist at Bitdefender. “The video seems to actually play for a couple of seconds to entice male users to click. Malware writers faked the number of views so the video seems to have been watched by over a million users.”

Catalin Cosoi continues, “After stealing Facebook information, victims’ profile names are added into the fake YouTube URL parameters. This enables them to make the video seem more legitimate, as it looks like it is posted by users’ friends.”

In an attempt to bypass security, the hackers got their hands on over 60 bit.ly API keys that helped them generate shortened URLs. The unique links are then spread on Facebook timelines. As API keys are randomly selected, blacklisting a couple does not stop the scam from spreading. Bitdefender has notified bit.ly of the issue.

The malware writers used an add-on framework that allows their code to function on several browsers. With Google Chrome, the malicious YouTube video redirects users to a fake FlashPlayer install. The file, detected by Bitdefender as Trojan.Agent.BDYV, drops a password-protected archive on the computer and a .bat file, designed to run the executable in the archive after providing the password as a parameter. With Firefox, the page prompts for a malicious add-on install.  

On both browsers, the add-on tags 20 Facebook friends at a time and injects ad services into the page. The extension also fiddles with some of the social network’s functionalities so that users can't delete the malicious posts from their timeline and activity log.

“We advise users to exercise caution before clicking on Facebook videos,” adds Catalin Cosoi. “Keep your antivirus solution and other software updated and warn your friends if you believe they are at risk of becoming malware victims.”

Bookmark and Share
 
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
 
   © 2012 ProSecurityZone.com
Netgains Logo