Cybercriminals quickly took advantage of news surrounding Amy Winehouse’s death by staging online attacks. Amy Winehouse is a multi-awarded English singer and songwriter who passed away over the weekend.
This is actually standard behaviour of cybercriminals. One attack we’ve seen on Facebook is the usual Facebook survey scam that involves an age verification page and a fake video page before getting the victim to take part in a survey.
We noted that the survey involved in this attack is similar to the survey described in the blog entry Survey Scam Offers Google+ Invites. Users who are familiar with these types of survey scam attacks on Facebook are in a better position to protect themselves and warn their contacts if they find these posts on their News Feeds.
The details of the Amy Winehouse Facebook survey scam are as follows. The user clicks a Wall post that purports to feature an Amy Winehouse video taken before her death. The user is then led to this page:
Clicking the link on the page redirects to a fake video page which is actually a clickable image that redirects to an age verification dialog box.
Upon clicking the age verification image, another dialog box appears. It notifies the user that the link will be posted on his/her Facebook Wall.
Next, a “Human Verification” window appears, encouraging the user to prove they are human by taking either of a “Stupid or Genius?” test or “Are You and Your Partner Compatible?”
One of the surveys, for instance, the “Stupid or Genius” test, leads to a survey.
The last requirement of the test/survey is inputting the user’s mobile number. A digital pin will supposedly be sent to the mobile phone.
We’ve seen some other cybercriminal attempts to leverage the news of Amy Winehouse’s death. We encountered some malicious URLs with the keywords “amy winehouse death” that is seen to be used in a blackhat SEO attack. According to Threats Researcher Marco Dela Vega, these malicious URLs led to malware that redirects the user to a fake scanning page to scare them into downloading malware. The malicious file downloaded is a FAKEAV binary currently detected as TROJ_FAKEAV.CLS.
Trend Micro protects users from this attack via the Smart Protection NetworkT by blocking all related files and URLs.
As cybercriminals consistently find new ways to trick users into participating in their schemes, social media users may check our report, “Spam, Scams, and Other Social Media Threats”.
Leave a reply