Posts Tagged ‘facebook’

Facebook scams are spreading fast. Almost every day we see new scams and spam popping up on Facebook, using social engineering techniques on the ubiquitous social network to trick users into clicking malicious code. The latest messages spreading rapidly across Facebook trick users into clicking on links claiming to show an amazing video of a big baby being born, reports Sophos Labs.

The messages are spreading with the assistance of a clickjacking scam (sometimes known as likejacking), which means that users do not realise they are invisibly pressing a “Like” button and passing the message on to their online friends.

A typical message looks as follows:

Baby Born Amazing Effect

Baby Born Amazing Effect – WebCamera

[LINK]

Big Baby Born !

“The links we have seen so far all point to pages hosted on blogspot.com, and appear to contain a video player that you are urged to click on. The pages are headlined: “Baby Born Video – Amazing Effects”,” explains Graham Cluley, senior technology consultant at Sophos.

[Screenshot: Baby Born Amazing Effect]

See the message at the bottom of the page? It reads:

If Play Button don’t work please click on the Like button and Confirm, then you can watch the Video.

It’s at this point that the clickjacking scam plays its part. If you try to play the video then you will be secretly and unwittingly saying that you “Like” the link, and sharing it with your friends. In this way the link spreads virally.

It’s a shame that Facebook’s own security measures don’t warn about this clickjacking attack.

If you were running anti-clickjacking protection, such as the NoScript add-on for Firefox, then you would see a warning message about the attempted clickjacking:

[Screenshot: NoScript clickjacking warning]

Unfortunately, thousands of Facebook users appear to have fallen for the scam – and are helping the links spread rapidly across the social network.

Sophos suggests the following steps to clean-up your Facebook page.

Find the offending message on your Facebook page, and select “Remove post and unlike”.

[Screenshot: “Remove post and unlike”]

Unfortunately that doesn’t completely remove the interloping link. You also need to go into your profile, choose Activities and Interests and remove any pages that you don’t want to “Like”.

[Screenshot: Activities and Interests]

Users need to be careful before ‘liking’ any page on Facebook, as this is a trap that is a little complex for a non-technical user to get out of. Facebook recently added new features to combat clickjacking techniques, but evidently that has not deterred spammers and scammers.

Wouldn’t it be cool if you had immediate access to your favorite music and bands? What if these are readily available on your favorite social networking site?

Trend Micro recently noted messages and wall posts circulating on Facebook that promote a supposed new music player feature.

“The script used in this spam run is now detected by Trend Micro as JS_FBJACK.B. Similar to other previously reported Facebook spam runs, once users access the alleged link, they are redirected to a site that tells them to follow several steps. The first of which is to copy a particular snippet of code onto their browser address bars, reminiscent of the “See You… In 20 Years!” Facebook attack, which spread via multiple features,” Trend Micro’s Threat Researcher, Marco Dela Vega noted in a blog post.

Once done, the malicious script accesses the affected user’s Facebook friends list. From this list, it creates wall posts and sends chat messages to the accumulated Facebook contacts. The wall post and message read:

“FaceBook finally added a profile music player! I’ve been wanting one of these forever! [LINK]“

The post contains any of the following links:

  • http://{BLOCKED}ures.webs.com/profilemusicplayer.htm
  • http://{BLOCKED}okfeatures.webs.com
  • http://{BLOCKED}ures7.webs.com/aboutme.htm
  • http://{BLOCKED}cplayer.webs.com
  • http://{BLOCKED}ilemusic.webs.com

All of the links above currently redirect to a single URL, a scam site telling the affected users that they won a certain prize. The site then asks them to give out personal information.


Unfortunately, the desire to stay safe from malicious attacks on Facebook is now being exploited by cybercriminals to instigate yet another spam campaign. Trend Micro researchers recently saw several Facebook wall posts that claim to be able to verify the security of users’ accounts. Clicking the link to the verification site, according to the posts, is supposed to help users avoid Facebook spam. In reality, however, accessing the site is just another ploy to instigate the very threat the user wants to prevent.

Similar to previously reported Facebook threats, this spam run starts from a wall post supposedly made by an online contact. The post encourages the users to verify the safety of their Facebook accounts by clicking an embedded link with the text, ==VERIFY MY ACCOUNT==. Clicking the link immediately redirects the users to a site that runs a specific malicious script.

The script collates a list of the affected users’ Facebook contacts and displays the same text on their walls. Detected by Trend Micro as JS_DOOLF.SPM, the script also displays an alert that says “Verification Failed. Click OK and follow the steps to prevent your account from being deleted.”

In the past few days, Facebook played host to a string of malicious attacks involving a fake Osama bin Laden video, an event that leads to a site that supposedly allows users to see who has viewed their profiles, and a spam that uses several Facebook features to spread malicious links. These incidents led Facebook users to question the safety and security of the social networking site.

The alert also points to a document supposedly hosted on http://{BLOCKED}tenhe.info/verify.php?js, which is no longer accessible.

Never click links in messages you receive unexpectedly, and never log in to a site by following a link in a message. If you do follow a link that then instructs you to log in, close the page, open a new one and visit the site using a previously bookmarked or known-good link. Use a unique, strong password for each account; if you have multiple social networking accounts, use a different password for each.

Reports say that the attack from which the campaign originates uses a different social engineering lure—a rather offensive message and a call to vote for a girl named Nicole Santos. A Facebook spokesperson was interviewed about the said attack and confirmed that the spammed message spread because of a bug in their code that has since then been resolved.

Many of us have at one time or another wished for a ‘Dislike’ button on Facebook alongside the ‘Like’ button. There is good news and bad news for those wishing to show their disagreement with, or dislike of, a post, picture or video on Facebook. The good news is that there is a way to ‘Enable the Dislike button’ on Facebook; the bad news is that it is a scam.

Messages claiming to offer the opposite to a like button have been appearing on many Facebook users’ walls:

[Screenshot: Dislike button on Facebook]

Facebook now has a dislike button! Click 'Enable Dislike Button' to turn on the new feature!

“Like the “Preventing Spam / Verify my account” scam which went before it, the scammers have managed to waltz past Facebook’s security to replace the standard “Share” option with a link labelled “Enable Dislike Button”,” explains Graham Cluley, Senior Technology Consultant at Sophos.

The fact that the “Enable Dislike Button” link does not appear in the main part of the message, but lower down alongside “Link” and “Comment”, is likely to fool some users into believing that it is genuine.

Clicking on the link, however, will not only forward the fake message about the so-called “Fakebook Dislike button” to all of your online friends by posting it to your profile, but also run obfuscated JavaScript on your computer.

There is no official dislike button provided by Facebook and there isn’t ever likely to be. But it remains something that many Facebook users would like, and so scammers have often used the offer of a “Dislike button” as bait for the unwary.

Here’s another example that is spreading, attempting to trick you into pasting JavaScript into your browser’s address bar, before leading you to a survey scam:

[Screenshot: Offer of Dislike button leads you into pasting script into your browser’s address bar]

One day after Symantec uncovered an alleged privacy breach, Facebook released four new features to its security suite, unrelated to the discovery. These four additions aim to boost protective measures against scams, spam, clickjacking and malicious cross-site scripting. The new features also include a new partnership with a website-vetting company and login approvals. Here’s what you need to know about Facebook’s latest fight against malware.

Facebook Partners With “Web of Trust”

Web of Trust (WOT) is a free safe-surfing tool that tells you which websites you can trust based on crowd-sourced ratings supplied by other WOT community members.
While Facebook already has a system that automatically scans links to determine whether the sites are spammy or contain malware, Facebook’s partnership with WOT will provide your account with an extra line of defense.

If you happen to click on a link that may contain spam or malware, a pop-up will appear that explains that the link you’re trying to visit could be dangerous. You then have the option to proceed or return to the previous page.

Since WOT is a crowd-sourced application, its effectiveness depends on the number of people rating the safety of various websites. Facebook anticipates that getting its members to submit questionable sites to the list will help to “massively increase” WOT’s coverage and security reach.

Updated Clickjacking Precautions

Since spammers tend to take advantage of browser weaknesses, they often try to trick users into clicking on bad links, a technique also known as clickjacking. Spammers do this by overlaying the real link or button with something enticing, such as a phony offer.

One such clickjacking worm that spread through Facebook’s “Like” feature last year and affected hundreds of thousands of users had a message that said, “LOL This girl gets OWNED after a POLICE OFFICER reads her STATUS MESSAGE.”

Facebook has now built a clickjacking defense into its “Like” button to alert you if Facebook thinks you’re being tricked. When Facebook detects something suspicious, you’ll be asked to confirm your “Like” before Facebook posts the action to your profile and your friends’ News Feeds.

If you have already clicked on a link to add something to the “Likes and Interests” section of your profile, you can always edit the field by clicking “Edit My Profile” and selecting “Likes and Interests” from the menu on the left.
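The confirm-before-acting defence described above, and the framing precondition that likejacking relies on, can both be expressed in a few lines. The following is an added example, not code from the original posts or from Facebook, written from the defender’s side: framingPolicy() audits a response’s real X-Frame-Options and Content-Security-Policy frame-ancestors headers to tell whether a page carrying a Like-style button can be embedded by a third-party site at all, and guardedAction() models the client-side behaviour of asking the user to confirm when the page finds itself inside a frame. The function names and the sample header sets are this example’s own assumptions; the guard applies equally to a comment or share button, which is why the comment-jacking variant discussed later on this page would also trip it.

```javascript
// Added example (not from the original post or from Facebook). All header sets
// and window objects below are constructed for illustration.

const ANY_ORIGIN = "*";

// Header names are case-insensitive; find a header regardless of the case the server used.
function headerValue(headers, name) {
  const key = Object.keys(headers).find((k) => k.toLowerCase() === name);
  return key === undefined ? null : String(headers[key]).trim();
}

// Decide who may embed the response in a frame.
// CSP frame-ancestors, when present, takes precedence over X-Frame-Options.
// Returns the effective allow-list and whether any origin at all may frame the page.
function framingPolicy(headers) {
  const csp = headerValue(headers, "content-security-policy");
  if (csp !== null) {
    const directive = csp
      .split(";")
      .map((d) => d.trim())
      .find((d) => /^frame-ancestors\b/i.test(d));
    if (directive) {
      const sources = directive.split(/\s+/).slice(1).map((s) => s.toLowerCase());
      const allowed = sources.includes("'none'") ? [] : sources;
      return {
        mechanism: "csp frame-ancestors",
        allowed,
        // "*" or a bare scheme such as "https:" lets any site on that scheme frame the page.
        openToAnyOrigin: allowed.includes(ANY_ORIGIN) || allowed.some((s) => /^https?:$/.test(s)),
      };
    }
  }
  const xfo = headerValue(headers, "x-frame-options");
  if (xfo !== null) {
    const v = xfo.toUpperCase();
    if (v === "DENY") return { mechanism: "x-frame-options", allowed: [], openToAnyOrigin: false };
    if (v === "SAMEORIGIN") return { mechanism: "x-frame-options", allowed: ["'self'"], openToAnyOrigin: false };
    // ALLOW-FROM and unknown values are not honoured consistently by browsers; treat as unprotected.
  }
  return { mechanism: "none", allowed: [ANY_ORIGIN], openToAnyOrigin: true };
}

// Client-side guard for a Like/Comment/Share handler.
// `win` is the page's window (passed in so the logic can be exercised outside a browser).
// A top-level page cannot be overlaid by another site's content, so the action proceeds.
// Inside a frame the click may have landed on a decoy overlay, so ask the user first.
function guardedAction(win, performAction, confirmWithUser) {
  if (win.self === win.top) {
    performAction();
    return { acted: true, framed: false };
  }
  if (confirmWithUser()) {
    performAction();
    return { acted: true, framed: true };
  }
  return { acted: false, framed: true };
}

// Constructed sample responses (not real Facebook headers).
const SAMPLE_RESPONSES = {
  unprotected: { "Content-Type": "text/html" },
  legacy: { "X-Frame-Options": "SAMEORIGIN" },
  modern: { "Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'" },
};

// Summarise which sample responses could be framed by an arbitrary third party.
function auditAll(responses) {
  const report = {};
  for (const [name, headers] of Object.entries(responses)) {
    report[name] = framingPolicy(headers).openToAnyOrigin;
  }
  return report;
}

if (typeof require !== "undefined" && require.main === module) {
  console.log(auditAll(SAMPLE_RESPONSES));
}

module.exports = { framingPolicy, guardedAction, auditAll, SAMPLE_RESPONSES };
```

In a real page the guard would be called as guardedAction(window, doLike, () => window.confirm("…")); the header audit is the check to run against any page that exposes a one-click social action, since an unframable page removes the overlay trick entirely.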

Self “Cross-Site Scripting” (XSS) Protection

Another way spammers take advantage of browser weaknesses is by asking users to copy and paste malicious code into their address bar. This causes the browser to take actions on the malware’s behalf, including posting status updates with phony links and sending spam messages to friends.

You’ve probably seen Facebook friends post apologies more than once to their profile for unknowingly posting spam on friends’ walls and warning others not to click it.

Now, when Facebook’s systems detect that you have posted malicious code into your address bar, Facebook will display a popup confirming that you meant to do this, and will provide information on why it’s a bad idea.

Advanced Login Approvals

Facebook’s new “Login Approvals” function is now available to everyone. The feature is optional, but recommended for all Facebook users, and uses two-factor authentication. That means that, if you choose to use it, whenever you log in to Facebook from a new device you will also be required to enter a code sent to your mobile phone via text message.
If Facebook sees a login attempt from a device that you haven’t saved, you’ll be notified the next time you log in. If you don’t recognize the login, you can then change your password.

The next time you are prompted to enter your Facebook or Twitter password after clicking on some nice ad, make sure the location bar of the browser says ‘facebook.com’ or ‘twitter.com’. Moving beyond their favourite targets, the corporates, cybercriminals are now targeting the least secure users of all, the end consumers, notes the latest Microsoft Security Intelligence Report.

Gone are the days of alluring emails asking you to part with your bank account details to claim your million-dollar prize; cybercriminals now prefer to ‘hang out’ at your favourite social networking site. According to the Security Intelligence Report — a quarterly security update from the world’s biggest software firm, Microsoft — social networks accounted for 84.5 percent of all attempts to steal personal data from users in December 2010.

In comparison, only 8.3 percent of all such attempts — known as phishing — occurred through Social Networks in January 2010. There has been an increase of 1200 percent in phishing through social networking sites, as these venues have become lucrative hot beds for criminal activity, the report warns.

The attacks take the form of advertisements and links on Facebook and other social networks that look like legitimate marketing campaigns and product promotions but are actually just traps to steal your data. They take the form of pay-per-click schemes, false advertisements, or fake security software sales.

“Social networking is on a high and cybercriminals and these sites have created new opportunities for cybercriminals to not only directly impact users, but also friends, colleagues and family through impersonation,” says Sanjay Bahl, Chief Security Officer, Microsoft India.

The ultimate aim is to get users to download and install their programs, which then use the victim’s computer to spread themselves as well as to steal all kinds of data entered on that computer. Social networking viruses, Microsoft points out, are especially risky in India since the country has some 50 million (5 crore, or 4% of the population) social networking users.

Interestingly, Microsoft owns 5% of Facebook — a site whose revenues may be hit if people stopped clicking on its ads.

According to the report, the most common category of unwanted software in India was Worms, which affected 42.5 percent of all infected computers, down from 45.4 percent in the last quarter. Worms are self-replicating programs.

The second most common category in India was Misc. Trojans, which affected 33.9 percent of all infected computers, down from 34.5 percent in the last quarter. Trojans, which may also be worms, have the additional characteristic of being harmful to the user and are often used to steal data.

Internet censorship and intolerance towards free speech are becoming commonplace in many countries. Along the lines of India’s new Internet censorship law, which allows the government to ban any website containing content that can be considered blasphemous, Pakistan’s Justice Azmat Saeed passed an order on a petition seeking a permanent ban on Facebook in Pakistan for hosting a contest called the 2nd Annual Draw Muhammad Day.

According to The Express Tribune, the Pakistani edition of the International Herald Tribune, Advocate Mohammad Azhar Siddique who is contesting the case has sought directions for the Pakistani government to stop the display of blasphemous material against the Holy Prophet (pbuh) on Facebook and other similar websites in Pakistan.

He also requested the court to direct the government to establish a permanent authority to monitor objectionable online activities. He said that Facebook and similar websites should be permanently blocked for placing caricatures of the Holy Prophet (pbuh) and other prophets. The petitioner said that the contest, scheduled for May 20, was the evidence of international mischief against Islam.

Facebook had earlier generated much controversy in Pakistan when cartoonist Molly Norris had announced a contest to sketch caricatures of the Prophet Muhammad (pbuh) in May 2010. The sponsors had later apologized and cancelled the contest. The temporary ban imposed on Facebook was then lifted within two weeks.

Julian Assange, the founder of online activist group Wikileaks has asserted that US intelligence and law enforcement agencies have established automated intelligence gathering operations on all major social networks and several of the largest internet-based companies including Facebook.

Assange alleges that the data mining interfaces were implemented with the cooperation of the companies in order to diminish the high costs associated with providing records on an individual basis.

The allegations were levied in an interview with Assange posted by Russia Today:

“Facebook in particular is the most appalling spying machine that has ever been invented. Here we have the world’s most comprehensive database about people, their relationships, their names, their addresses, their locations and the communications with each other, their relatives, all sitting within the United States, all accessible to US intelligence. Facebook, Google, Yahoo – all these major US organizations have built-in interfaces for US intelligence. It’s not a matter of serving a subpoena. They have an interface that they have developed for US intelligence to use,” Assange stated.

Assange’s accusations provide plenty of ammunition for tinfoil-hat conspiracy fanatics, but he stops short of actually claiming that Facebook is a front for covert government domestic spying:

“Now, is it the case that Facebook is actually run by US intelligence? No, it’s not like that. It’s simply that US intelligence is able to bring to bear legal and political pressure on them. And it’s costly for them to hand out records one by one, so they have automated the process. Everyone should understand that when they add their friends to Facebook, they are doing free work for United States intelligence agencies in building this database for them,” Assange continued.

The essential question is whether the data harvesting systems have been established prior to the passage of legislative changes to current wiretapping and surveillance laws.

Law enforcement officials claim that investigations are being stymied by the rapid change in communications platforms which have exceeded their ability to effectively execute search warrants in a timely manner.

The advent of new media like social networks, new communications channels like IM, IRC and VoIP, and new devices like smartphones has rendered current laws governing wiretapping outdated, and officials want lawmakers to narrow the gap by addressing the issue with new legislation.

Assange’s allegations raise the question as to whether law enforcement and intelligence agencies may have established monitoring operations prior to Congressional consideration of the issue.

A link which claims to point to a video of the death of Osama Bin Laden has been spread virally across Facebook, just hours after the death of the Al Qaeda leader.

The messages, posted as updates on Facebook users’ walls, claim to point to banned video footage of Osama Bin Laden’s death:

[Screenshot: Osama bin Laden]

SHOCKING NEW video of OSAMA BIN LADENS DEATH!!
Exclusive BANNED VDEIO footage of Osama Bin Laden being killed!!!

Clicking on the link takes you to a Facebook page which urges you to like and share the link with your Facebook friends, before you can watch the “shocking” footage:

[Screenshot: Osama bin Laden scam on Facebook]

However, sharing the link with others just helps spread it further across the social network, and instead of a shocking video you are instead presented with an all-too-familiar survey which you are told you must complete before you can go any further.

[Screenshot: Osama bin Laden survey scam]

The scammers earn money every time a survey is completed, and that’s why they want you to share the link with others.

[Screenshot: Justin Bieber scam on Facebook]

It’s starting to seem like Facebook can’t win against those who wish to use its service to scam, spam and simply cause trouble. Over the last couple of days, a new type of attack has been spreading using the phrase “OMG! I Can’t believe JUSTIN Bieber did THIS to a girl”.

It leads to a page asking you to verify a simple math problem to “prevent bots from slowing down the site”. In actuality, it is another clickjack-type scheme in which you are asked to type the answer into a box.

[Screenshot: Comment-jack security check]

According to security firm Sophos’ Senior Security Advisor, Chester Wisniewski, “It doesn’t matter what you type, because it’s a social engineering trick. What you are actually typing is a comment that is used to share the link with your friends on Facebook. You can see the tooltip that says “Add a Comment” in the screenshot.”

This bypasses Facebook’s recent attempt at detecting likejacking fraud: links you comment on do not go through the same mechanisms that Facebook monitors when you click “Like”.

Early Facebook attacks started with illegitimate applications asking for permission to access your wall and spread their messages by spamming your friends through wall posts. While this worked well, it was a bit easy for Facebook to track down and remove the bogus apps.

“Early in 2010 we saw the first attempts at likejacking. This technique involves layering one image over the top of a Like button and tricking the victim into clicking something that appears to play a video or a continue button, when in fact they are clicking the Like button hidden underneath,” Wisniewski explained.

[Screenshot: Facebook Bieber scam wall post]

“More recently we have seen the attackers trying lots of new techniques. In the past few months we have seen them tagging people in photos they are not in to get you to click, inviting people to fake events and even making you an administrator of a Facebook page that isn’t yours,” Wisniewski added.

While protecting yourself may not be as simple as not clicking anything that says “OMG!”, that isn’t a bad start. Be sceptical, understand that messages from your friends may not in fact have been sent willingly, and if you are really tempted to click, take a short timeout to conduct a Google/Bing search first.

Some of the YouTube videos this scam leads to have been removed by YouTube. However, one video that is still working has over 525,000,000 views since February and thousands of comments since this Facebook scam has been making the rounds.