"Sexiest video" scam preys on Facebook users

Researchers over the weekend discovered a new Facebook adware campaign that was quickly disabled.

Users on Saturday began receiving messages, which came from a friend whose account had been infected. The messages read, “[T]his is without doubt the sexiest video ever! :P :P :P” and were accompanied by a link to a fake video titled “Candid Camera Prank [HQ].”

Clicking on the supposed video brought users to a Facebook application, which subsequently prompted them to download an updated media player to view the video, Patrik Runald, senior manager of security research at web security firm Websense, told SCMagazineUS.com on Monday. The download actually was a payload for an adware program called Hotbar, which displays advertisements in a user's browser based on web browsing habits.

If installed, the application also spammed out the same erotic message to all of the victim's friends.

“The malicious app itself started posting messages to friends' walls as soon as you allowed the app access to your profile,” Runald said.

Tens of thousands of Facebook users may have fallen for the ruse, Runald said.

Facebook promptly disabled the application and since has been deleting all posts related to the scam, a spokesman told SCMagazineUS.com in an email Monday.

“We have an enforcement team that takes action against applications that violate our policies when they're reported to us or surfaced by our systems,” the Facebook spokesman said. “We're advising people not to click on strange links, even when posted by friends, and to be cautious when using applications.”

The adware campaign was unleashed just days after the social networking site announced a new security feature designed to notify users when their account is accessed from an unapproved device.

"It alerts you whenever someone logs into your account from an unknown computer, which is really good," Runald said. "It's a great feature and we recommend everyone activate it."

In addition, if Facebook detects an attempted login from an unusual device, the site will prompt the user to answer additional security questions.

"I think these are great steps, and I am glad to see Facebook stepping it up in regards to securing account access," Dave Marcus, security research and communications manager at McAfee Avert Labs, said in a blog post on Thursday. "When you consider the high prevalence of password-stealing trojans and Koobface...these measures are certainly a move in the right direction."

However, the new features would not have been able to stop the adware campaign this weekend, which propagated after users were tricked into approving the malicious application, Runald said.

“This was strictly social engineering by tricking you into believing that you received this video,” he said.
