The Latest in IT Security

Facebook video spam revamped


Last week there was an outbreak on Facebook of video spam related to Osama bin Laden’s death. The previous spam was basically variations of this:

fbspam (75k image)

If a curious user clicked on the link in the spam, it would eventually bring them to a page which basically makes the user manually send out spam to his own FB contacts, under the guise of a ‘security check’ to view the video:

fakesecuritycheck (36k image)

The user essentially does a copy-paste execute of the script:

fbspamcode (67k image)

That code messages the user’s first degree friends (with spam).

So we were analyzing the previous run of video spam on our test machine and today, woke up to find our FB Inboxes with tons of new spam, which has been revised so that we don’t even need to copy-paste the script any more. How convenient.

The spam we received looked like this:

friendspam (36k image)

Then, we’d be expected to clicked the ==VERIFY MY ACCOUNT== at the bottom (note: we do not recommend this).

Then we saw this at the bottom of our browser:

fbspamcode_latest (5k image)

The code would post the same message on our FB account’s Wall as the message the previous spam run sent out to the first degree contacts.

Next, a pop up box appeared:

verificationfailnotice (36k image)

And then redirects to this page:

redirect (66k image)

It is not really clear as to what the aim of the author is, there does not seem to be any obvious monetary gain. But it is definitely an upgrade on the previous spam run.

On a sidenote – posted “via iPhone”? Not really. Assigning the 6628568379 to the app_id parameter apparently makes Facebook recognize that the posting is from an iPhone:

fbspamcode2 (45k image)

For example, visiting would lead to


Threat Insight post by Shantini and Rauf

Leave a reply



Mission-Critical Broadband – Why Governments Should Partner with Commercial Operators:
Many governments embrace mobile network operator (MNO) networks as ...

ARA at Scale: How to Choose a Solution That Grows With Your Needs:
Application release automation (ARA) tools enable best practices in...

The Multi-Model Database:
Part of the “new normal” where data and cloud applications are ...



Latest Comments