
Facebook Phishing Attack Spammed Out Widely

As many social media platforms, including Facebook, LinkedIn and Google+, continue to grow, advertising within social networks is expected to reach billions of dollars this year. That is good news for large social media ad networks, newcomers, and, unfortunately, spammers.

Recent shutdowns of major spambots by law enforcement officials have led to significant decreases in the amount of rogue pharmacy spam mail. The affiliate network responsible for huge volumes of replica handbags and clothing spam closed its doors this month as well. It’s not surprising that spammers have begun to abuse Facebook and social media ad networks with their relentless postings of spam messages.

It’s relatively easy for Facebook to filter out such massive spam campaigns and block the originating domains, as they are almost instantly reported as dangerous or malicious by the tech community and social network users. However, it seems that spammers have found a way around Facebook’s spam filters by storing fake Facebook pages and malicious code in the cloud using services such as Amazon S3 and Google Docs. These services are easy to set up and increase the spammer’s chances of avoiding detection. Below is an example of a recent Facebook spam campaign.

Infected Facebook user accounts post spam messages with sensational or luring headlines and images in order to attract the attention of viewers. This particular spam message was distributed by spammers through malicious web browser extensions that steal login details and post spam messages automatically. Although Facebook worms and Trojan horses are detected quite effectively by most antivirus products, most of these products simply fail to detect the malicious web browser extensions.

When a user clicks on the link, he is taken to a fake Facebook website where the page is designed to replicate the look and feel of Facebook including a fake video and fabricated user comments. Google Chrome and Mozilla Firefox users are told that they need to install a Divx video plugin to view the movie but are actually given a malicious browser extension called Youtube Premium Player.  Visitors using other browsers are asked to complete a survey before being able to play the video.
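Because antivirus products often miss such extensions, a manifest review is a practical check. The following is an added example, not code from the original post: it flags installed-extension manifests that combine access to facebook.com with session-related API permissions. Both sample manifests are constructed, and a finding is a prompt for manual review, not proof of malice.

```python
import json

# Match patterns that grant an extension access to every site.
BROAD = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}
# API permissions that let an extension read sessions or rewrite pages.
SENSITIVE_APIS = {"cookies", "tabs", "webRequest", "scripting"}


def covers_site(pattern, site):
    """True if a match pattern is broad or names `site` or a subdomain."""
    if pattern in BROAD:
        return True
    host = pattern.split("://", 1)[-1].split("/", 1)[0]
    if host.startswith("*."):
        host = host[2:]
    return host == site or host.endswith("." + site)


def audit_manifest(manifest, site="facebook.com"):
    """Return a list of findings for one parsed manifest.json."""
    findings = []
    perms = [p for p in manifest.get("permissions", []) if isinstance(p, str)]
    # Manifest V2 mixes host patterns into "permissions"; V3 uses "host_permissions".
    hosts = [p for p in perms if "://" in p or p == "<all_urls>"]
    hosts += manifest.get("host_permissions", [])
    if any(covers_site(h, site) for h in hosts):
        findings.append("host access to " + site)
    for script in manifest.get("content_scripts", []):
        if any(covers_site(m, site) for m in script.get("matches", [])):
            findings.append("content script injected into " + site)
            break
    apis = sorted(SENSITIVE_APIS.intersection(perms))
    if apis:
        findings.append("sensitive APIs: " + ", ".join(apis))
    return findings


# Constructed sample manifests (not taken from any real extension).
FAKE_PLAYER = json.loads("""{
  "name": "Example Video Player", "version": "1.0", "manifest_version": 2,
  "permissions": ["tabs", "cookies", "http://*/*", "https://*/*"],
  "content_scripts": [{"matches": ["*://*.facebook.com/*"], "js": ["inject.js"]}]
}""")
BENIGN = json.loads("""{
  "name": "Example Note Taker", "version": "2.3", "manifest_version": 3,
  "permissions": ["storage"], "host_permissions": ["https://notes.example.com/*"]
}""")

if __name__ == "__main__":
    for m in (FAKE_PLAYER, BENIGN):
        print(m["name"], "->", audit_manifest(m) or "no findings")
```

In practice, `audit_manifest` would be run over each `manifest.json` found in the browser profile's extensions directory.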

Spammers also use Geo IP tools to find out the geographical location of an IP address. This is important to spammers who monetize their traffic through display ads, because ad networks such as WhiteFire do not accept traffic from non-English-speaking countries. As a result, spammers have to display ads or surveys from alternate ad networks when available. If you want to earn lots of dollars from ads and surveys without abusing ad networks, you need plenty of traffic coming to your website. Truth be told, it’s not that easy. Everything comes down to good content, marketing and your advertising efforts. Instead, spammers use their affiliate IDs in spam campaigns.

Ultimately, spammers go through these efforts in order to monetize the traffic to their sites. In addition to getting paid for the completion of each survey, they can also earn money through display ads by joining ad networks which connect them to merchants who are willing to pay for the exposure. Fortunately, ad networks actively monitor their ad traffic for abuse and illegitimate use and are often able to cancel payments to the offending publishers. While the success rate of such malware attacks remains unclear, it is certain that such attempts will continue as spammers come up with more creative ways to bait unsuspecting users.

Click here to see Malware Removal Instructions by our Guestblogger Michael Kaur



  1. Nikolaj Bomann says:

    It still seems like there is a new kind of phishing going on, on Facebook every week or so. It’s sad now that is’t a place for joy and relaxation.
    But I really hope the number of phishing attacks will be reduced in the future.

  2. ed says:

    Is this the cloud computing downside? Facebook needs to eliminate these types of scams and spams and also have an instant reporting system to flag these scammers and spammers so that they don’t proliferate. However, I’m not sure if it’s possible to develop a script to detect the malicious browser extensions.

  3. Shilpa says:

    I am ready to leave Facebook. From everything I read about it, it is nothing but a data mine and mega money maker for Facebook (nearly one billion users worldwide). It is also getting so spammy and phishy. Facebook doesn’t seem to be addressing user risk issues. It seems like they have become a behemoth that only exists to serve itself and now investors too since the IPO.

  4. Laust says:

    It’s amazing that Facebook can’t (or won’t) do anything about those videos that link to websites and automatically join pages.

    Facebook Phishing seems to be so easy.
