Wouldn’t it be cool if you had immediate access to your favorite music and bands? What if these are readily available on your favorite social networking site?
 |
Unfortunately, spammers also find this cool. We recently noted messages and wall posts circulating on Facebook that promote a supposed new music player feature. Below is a screenshot of what these spammed messages typically look like.
 |
The script used in this spam run is now detected by Trend Micro as JS_FBJACK.B. Similar to other previously reported Facebook spam runs, once users access the alleged link, they are redirected to a site that tells them to follow several steps. The first of which is to copy a particular snippet of code onto their browser address bars, reminiscent of the “See You… In 20 Years!” Facebook attack, which spread via multiple features.
Once done, the malicious script accesses the affected user’s Facebook friends list. From this list, it creates wall posts and sends chat messages to the accumulated Facebook contacts. The wall post and message read:
“FaceBook finally added a profile music player! I’ve been wanting one of these forever! [LINK]“
The post contains any of the following links:
- http://{BLOCKED}ures.webs.com/profilemusicplayer.htm
- http://{BLOCKED}okfeatures.webs.com
- http://{BLOCKED}ures7.webs.com/aboutme.htm
- http://{BLOCKED}cplayer.webs.com
- http://{BLOCKED}ilemusic.webs.com
All of the links above currently redirect to a single URL, a scam site telling the affected users that they won a certain prize. The site then asks them to give out personal information.
 |
Trend Micro product users need not worry, however, as they are already protected from this kind of attack via the Trend MicroT Smart Protection NetworkT.
For more information on social-networking-related attacks, users may also refer to our comprehensive report entitled, “Spam, Scams, and Other Social Media Threats.”
Leave a reply
