The Latest in IT Security

Facebook Spam Claims to Prevent Spam, But Still Leads to Spam


These past days, Facebook had been a host to a string of malicious activities like the fake Osama bin Laden video, spam event that purportedly determine “who’s viewing your profile”, and an attack that employs multiple Facebook features to spread malicious links. Given these incidents, a safe and secure Facebook experience is definitely a top concern among avid users of the social networking site.

Unfortunately, this very same desire for safety has now been employed by cybercriminals to propagate yet another spam run. We have recently observed several wall posts spreading on Facebook that claims to “verify” accounts of users. This verification, as these wall posts claim, is supposed to help users in preventing Facebook spams; but in reality, it spreads the very same threat it is supposed to block.

Similar to previous Facebook threats, this spam run starts as a wall post from an online contact and instructs verify users’ Facebook account by clicking ==VERIFY MY ACCOUNT==. Right after clicking the said link, it redirects immediately to a site that runs a specific malicious script.

Click for larger view

This script collects list of the affected user’s account Facebook friends and post the same post onto each contact’s wall. The said script is detected by Trend Micro as JS_DOOLF.SPM. This malicious script also displays an alert that says: Verification Failed. Click ‘OK’ and follow the steps to prevent your account from being deleted

This alert also references to a document purpotedly hosted in the site http://{BLOCKED}, which is currently not accessible.

Click for larger view

Reports say that the attack from which this run originated from had a different social engineering lure – a rather offensive message and a call to vote for a girl named Nicole Santos. A Facebook spokesperson was interviewed about the said attack, and confirmed that the spam was spread through a bug in their code, and that it has been resolved.

Trend Micro product users are already protected from this through the Trend MicroT Smart Protection NetworkT.

For more information, users may also refer to our comprehensive report about social networking sites Spam, Scams, and Other Social Media Threats.

Leave a reply



Mission-Critical Broadband – Why Governments Should Partner with Commercial Operators:
Many governments embrace mobile network operator (MNO) networks as ...

ARA at Scale: How to Choose a Solution That Grows With Your Needs:
Application release automation (ARA) tools enable best practices in...

The Multi-Model Database:
Part of the “new normal” where data and cloud applications are ...



Latest Comments