The Latest in IT Security

Facebook Attack Leverages LinkedIn

04
Jul
2011

We recently found a Facebook attack, which uses the business-related social networking site, LinkedIn as its redirector site. The attack begins with a wall post that bears the subject, “The Video That Just Ended Justin Biebers Career For Good!” and creates a similar wall post on affected users’ accounts once they click the URL in the image.

Click for larger view

This Facebook attack using LinkedIn is new as cybercriminals normally employ URL shorteners and Facebook fan pages, to point users to malicious websites. The usage of a legitimate website definitely increases the possibility of users dismissing the post as a malicious threat. In the past, we also reported various attacks that employed URL shorteners here:

Although Facebook prompts a warning about the possible malicious URL activity, the said malicious URL can still be accessed via Facebook.

Click for larger view

As seen in the warning, the URL to which the user will be connected to is not really under the LinkedIn domain, but is rather a redirect to another URL. We find it unusual that LinkedIn would allow this type of redirector script on its site without doing some sort of check. When users click ‘continue’, the browser accesses http://{BLOCKED}88.info showing a video player-like interface. The supposed video is related to famous singer, Justin Bieber.

Click for larger view

Upon clicking the ‘play’ button, the browser redirects to the site http://{BLOCKED}y.info, which displays a window that asks users to answer a survey before they can view the contents of the said Justin Bieber video. It also that users can get a $1000 Walmart gift card or a gift from Facebook once they answer the fake survey. The malicious script that performs the redirecting is detected by Trend Micro as JS_FBJACK.D.

Click for larger view

After completing the survey, users will find that the said video doesn’t exist. Once again, the cybercriminals behind this attack benefit from the payers of the answered online surveys. In addition, this may possibly pave way for malware infection and information theft.

Trend Micro protects users from this attack via its Smart Protection Network that blocks all related URLs to prevent users from accessing these malicious sites.

With cybercriminals consistently finding news ways to trick users into participating in their schemes, it is of utmost importance for users to know about the nature of these threats, and how they can protect themselves. Social media users may check our report, Spam, Scams and Other Social Media Threats.

Leave a reply


Categories

THURSDAY, OCTOBER 19, 2017

Featured

Archives

Latest Comments

Social Networks