The Latest in IT Security

Facebook Attack Spreading both Windows AND Mac malware


There’s a significant Facebook malware attack occurring at the moment.

The attack is spreading virally using Facebook’s “Like” feature – a method well established by rogue Cost Per Action (CPA) marketing affiliates. But unlike CPA spam that redirects to deceptive ads, this “viral video” is linking to a Lithuanian server that serves up Windows and/or Mac malware.

This is the first time we’ve seen malware using “viral links”. (Stuff such as Koobface uses phishing and compromised accounts.)

The bait uses the following subject lines: “oh shit, one more really freaky video O_O” and “IMF boss Dominique Strauss-Kahn Exclusive Rape Video – Black lady under attack!” and points to a subdomain on “”.

An Openbook search shows numerous examples of folks that have been exposed.

Here’s an example of Facebook’s search results:

Facebook search, oh shit, one more really freaky video O_O

When testing the link from Germany, Finland, France, India and Malaysia, we were safely redirected to Testing from the USA and UK offered up Mac scareware or Windows malware depending on our browser user agent IDs.

The attack is GEO-IP as well as OS aware.

And though this attack started more 16 hours ago, Facebook does not yet block links to even though the subject text and the root domain has remained unchanged during that time. This could be due to the fact the attack is utilizing Facebook “Likes” rather than posting links to user’s Walls which can be more easily filtered by Facebook’s security team.

Or perhaps they’re still catching up on their post-Memorial Day holiday e-mail.

Leave a reply


SUNDAY, JULY 03, 2022

Mission-Critical Broadband – Why Governments Should Partner with Commercial Operators:
Many governments embrace mobile network operator (MNO) networks as ...

ARA at Scale: How to Choose a Solution That Grows With Your Needs:
Application release automation (ARA) tools enable best practices in...

The Multi-Model Database:
Part of the “new normal” where data and cloud applications are ...



Latest Comments