A new spam campaign, similar to campaigns we have seen in the past, is spreading on Facebook. This one, however, has some interesting twists to it.
A Websense blog has reported that the core of the campaign involves a Facebook app that claims to know who your “Top 10 stalkers” are.
It works by creating an album – “My Top 10 stalkers” – with the description “Check who views your profile @,” followed by a bit.ly URL-shortened link. It then automatically uploads a photo to the app and tries to mark all the user’s friends in the photo.
The bit.ly link redirects the user to a page that uses JavaScript to determine the geographical location of the computer based on its IP address. Depending on the location, the page then redirects users located in specific targeted countries to the Facebook App in an attempt to further spread the infected link. The campaign is targeted at Facebook users in the United States, Canada, United Kingdom (including a specific target for Great Britain), Saudi Arabia, Norway, Germany, Spain, Slovenia, Ireland, and United Arab Emirates.
Hackers have already switched to using a new app. The first illegitimate app was deleted by the Facebook security team. Both apps use exactly the same mechanism to post spam profile messages in Facebook. Regardless of whether the JavaScript redirects the browser to the Facebook app because of its origin, all users are ultimately redirected to a scam page that tries to lure them into completing several fake surveys. Hackers use this method to try to collect personal information such as the user’s home address, e-mail address, or phone number.
If the user tries to navigate away from the page or close the browser, a message appears asking them to stay and complete a “SPAM-free market research survey to gain access to this special content.” Special it may sound, but it is definitely not spam-free!
As always, if a page forces you to Like, Share, or install an application in order to view it, DON’T DO IT! Chances are, it’s spam.
Infosec India 