We are currently investigating a new malicious campaign on Facebook mostly targeting French-speaking users. When visiting infected users’ profiles, you see the following:
Translation: Wow, it really works! Find out who is viewing your profile!
The various links that are used rotate quite fast and lead unwitting victims to a website that explains what they need to do. Here’s what it looks like:
Basically, there are 2 steps.
- The first one is to copy a Javascript code using CTRL+C
- The second is to visit Facebook.com, paste the Javascript in your address bar and press “Enter”.
In order to ensure the victims do this, there is an animated file (GIF) describing each step in detail; the cybercriminals obviously want to target users with limited computer knowledge as well. They warn users that it can take up to one minute to process.
Once that is done, the victims will spread the campaign on their own walls.
Interestingly, on the various sites that tell the victims how to infect themselves, the bad guys have added a statistic service. This page offers quite a lot of interesting information.
For example, here is a graph of the number of visits in the past 24 hours:
We have learnt that it started to take off around 9 pm last night and that it is currently growing fast.
As I am writing this blog, there are currently 2,266 visitors on the instructions pages.
Here is a map showing the locations of the visitors:
Its obvious France is the center of the epidemic right now.
I would like to remind you that you can’t see who visited your profile, be it on Facebook or Twitter.
You should avoid all such applications or websites like the plague – they don’t work and lead to infection. This sort of scam is nothing new. Back in the day, there were fake websites asking for your IM credentials in order to reveal who was blocking you. All you were doing though was giving some criminals your login and password.
IT DOES NOT WORK ㋡
Leave a reply
