Clever Scareware Scam Spreads Across Facebook
PandaLabs security researchers this week notified users that a fake virus alert was inundating Facebook walls in an attempt to get users to download bogus antivirus software.
A massive scareware scam has been targeting Facebook users over the past two days, in which a fake virus warning is distributed via e-mail and then forwarded or published to thousands of Facebook walls, according to researchers at security software vendor Panda Security.
Facebook and other social networking sites have provided a fertile field for hackers and malware purveyors to do ply their trade. Not surprisingly, the level of sophistication and clever tactics used to hoodwink Internet users continues to escalate on an almost daily basis.
In a blog posting Thursday, PandaLabs researchers begrudgingly admitted that whoever conjured up this latest scareware scam was smarter and more creative than most.
The unsolicited warning delivered through e-mail accounts and then posted on Facebook asks users if their Facebook has "been running slow lately" and directs recipients to click on their Settings link and check to see if there's something called "unnamed app" in their application settings.
The bogus warning further advises users to delete this nonexistent "unnamed app" because it's an internal spybot. It also tells users to "pass it on. About a minute ago...i checked and it was on mine," a fairly obvious social engineering trick designed to convince users that another legitimate Facebook user posted the warning.
"But the most interesting thing is that as you can see, there is no link to click on," PandaLabs said in its blog entry. "A normal user will go to a search engine to find out what this is about... and then he will find that there is a nice BlackHat SEO attack that makes the 1st and 2nd results lead to a malicious Web site that forces you to install a rogueware application."
Facebook officials said they have resolved the issue.
"Some people have posted about the appearance of an application listed as "Unnamed App" in their Application Settings," Facebook said in its security blog. "This was a bug, which we have now fixed. It did not damage any accounts. Be wary of any sites that claim to be able to fix this, as they might contain malicious software."
Earlier this month, another bogus antivirus software scam used the Massachusetts senatorial election to dupe users into visiting sites laden with malware.
In that scareware plot, 33 of the top 100 results from a search for "Massachusetts Senate race results" led to malicious sites, according to security software vendor Symantec (NASDAQ: SYMC).