Polymorphic Facebook scam targets users

An insidious scam that can result in multiple malware downloads is currently targeting Facebook users, warns Bitdefender.
It starts rather predictably, as users inadvertently share links to a supposedly leaked pornographic video. If their friends follow the link, they are faced with a request to download a Divx plugin in order to watch the video:


“The page recommending users to install the missing plugin features several other elements to encourage users to keep clicking,” points out Bitdefender.

“The video’s name hints that the sex tape belongs to a celebrity; the warning that the user’s antivirus must be disabled works on reverse psychology: though prospective viewers know this action is risky, they do it precisely because they have been warned about it; and the reference to age verification further hints at the salaciousness of the video.”

When run, the downloaded “Extension YouTube” immediately changes all newly opened tabs to a page advertising an adult chat service, then leads the user to to another page that supposedly hosts the video the users wanted to check out in the first place.

But, now the users are asked to download another piece of software – the “7pic Video Premium Player”.

Unfortunately for them, it’s another bogus extension that allows the scammers to access hijack the users’ account by accessing the needed cookie information and propagate the scam further.

“This is an interesting and quite complex type of scam,” says Andrei Serbanoiu, Bitdefender Online Threats Analyst Programmer.

“In data security lingo, this would qualify as a polymorphic attack, which basically means that the malicious content served can be changed by the attacker thanks to the browser extension installed. If one user lands on the adult chat page, another may reach the malware downloader or even a whole different web page set up for phishing.

Advertisements

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s


%d bloggers like this: