"Sexiest video" scam preys on Facebook users

Researchers over the weekend discovered a new Facebook adware campaign that quickly was disabled.

Users on Saturday began receiving messages, which came from a friend whose account had been infected. The messages read, “[T]his is without doubt the sexiest video ever! :P :P :P” and were accompanied by a link to a fake video titled “Candid Camera Prank [HQ].”

Clicking on the supposed video brought users to a Facebook application, which subsequently prompted them to download an updated media player to view the video, Patrik Runald, senior manager of security research at web security firm Websense, told SCMagazineUS.com on Monday. The download actually was a payload for an adware program called Hotbar, which displays advertisements in a user's browser based on web browsing habits.

If installed, the application also spammed out the same erotic message to all of the victim's friends.

“The malicious app itself started posting messages to friends' walls as soon as you allowed the app access to your profile,” Runald said.

Tens of thousands of Facebook users may have fallen for the ruse, Runald said.

Facebook promptly disabled the application and since has been deleting all posts related to the scam, a spokesman told SCMagazineUS.com in an email Monday.

“We have an enforcement team that takes action against applications that violate our policies when they're reported to us or surfaced by our systems,” the Facebook spokesman said. “We're advising people not to click on strange links, even when posted by friends, and to be cautious when using applications.”

The adware campaign was unleashed just days after the social networking site announced a new security feature designed to notify users when their account is accessed from an unapproved device.

“It alerts you whenever someone logs into your account from an unknown computer, which is really good,” Runald said. “It's a great feature and we recommend everyone activate it.”

In addition, if Facebook detects an attempted login from an unusual device, the site will prompt the user to answer additional security questions.

“I think these are great steps, and I am glad to see Facebook stepping it up in regards to securing account access,” Dave Marcus, security research and communications manager at McAfee Avert Labs, said in a blog post on Thursday. “When you consider the high prevalence of password-stealing trojans and Koobface...these measures are certainly a move in the right direction.”

However, the new features would not have been able to stop the adware campaign this weekend, which propagated after users were tricked into approving the malicious application, Runald said.

“This was strictly social engineering by tricking you into believing that you received this video,” he said.
