- Jan 24, 2011
- 9,378
Facebook users have been warned not to fall for a new scam using spoofed “private” videos of actress Emma Watson to spread information-stealing malware.
Netizens are likely to receive an unsolicited message on their wall with a malicious link to the supposed sexy video, which takes them to a YouTube clone site.
However, they are then told that Flash Player needs to be updated in order to watch the video and to click on the “Upgrade Now” button below.
The video is given extra “credibility” by virtue of the fact that it appears to have been posted by an Anonymous source – complete with Guy Fawkes account logo.
In fact, clicking on the button will begin a download of malware detected by Bitdefender as Trojan.JS.Facebook.A, and the executable as Trojan.Agent.BFQZ.
The malware will search for phone numbers and then sign them up to premium SMS scams, as well as change the browser settings so the user can’t view Facebook settings or activity anymore.
Bitdefender explained in a blog post:
“To look legitimate, Trojan.Agent.BFQZ uses the authentic Flash Player icon and drops the browser infection components in “C:\Program Files\Internet Explorer,” together with the install.bat, a file it also executes and adds at Start Up. It also grabs the anti-CSRF token of the victim – a common mechanism of Facebook scams. The Cross-Site Request Forgery attack allows scammers to reuse an already authenticated session to perform unwanted actions on users’ behalf.”
Other actions carried out by the malware include posting comments on the user’s behalf, automatically liking and following Facebook pages which can then be monetized, and stealing access tokens of legitimate Facebook apps to grab permissions.
Harry Potter star Watson is a perennial favorite of hackers, who try to capitalize on her allure to hook netizens.
Read more: http://www.infosecurity-magazine.com/news/facebook-scammers-trojans-emma/
Last edited:
