Facebook Phishing Attack Spammed Out Widely

As many social media platforms, including Facebook, LinkedIn and Google+, continue to grow, advertising within social networks is expected to reach billions of dollars this year. That is good news for large social media ad networks, newcomers, and, unfortunately, spammers.

Recent shutdowns of major spambots by law enforcement officials have led to significant decreases in the amount of rogue pharmacy spam mails. The affiliate network responsible for huge volumes of replica handbags and clothing spam closed its doors this month as well. It’s not surprising that spammers have begun to abuse Facebook and social media ad networks with their relentless postings of spam messages.

It’s relatively easy for Facebook to filter out such massive spam campaigns and block the originating domains, as they are almost instantly reported as dangerous or malicious by the tech community and social network users. However, it seems that spammers have found a way around Facebook’s spam filters by storing fake Facebook pages and malicious code in the cloud using services such as Amazon S3 and Google Docs. These services are easy to set up and increase the spammer’s chances of avoiding detection. Below is an example of a recent Facebook spam campaign.

Infected Facebook user accounts post spam messages with sensational or luring headlines and images in order to attract the attention of viewers. This particular spam message was distributed by spammers through malicious web browser extensions that steal login details and post spam messages automatically. Although Facebook worms and Trojan horses are detected quite effectively by most antivirus products, most of them simply fail to detect the malicious web browser extensions.

When a user clicks on the link, he is taken to a fake Facebook website where the page is designed to replicate the look and feel of Facebook including a fake video and fabricated user comments. Google Chrome and Mozilla Firefox users are told that they need to install a Divx video plugin to view the movie but are actually given a malicious browser extension called Youtube Premium Player.  Visitors using other browsers are asked to complete a survey before being able to play the video.

Spammers also use Geo IP tools to find out the geographical location of an IP address. This is important to the spammers who monetize their traffic through display ads because ad networks such as WhiteFire do not accept traffic from non-English-speaking countries. As a result, spammers have to display ads or surveys from alternate ad networks when available. If you want to earn lots of dollars from ads and surveys without abusing ad networks, you need plenty of traffic coming to your website. Truth be told, it’s not that easy. Everything comes down to good content, marketing and your advertising efforts. Instead of that, spammers use their affiliate IDs in spam campaigns.

Ultimately, spammers go through these efforts in order to monetize the traffic to their sites. In addition to getting paid for the completion of each survey, they can also earn money through display ads by joining ad networks which connect them to merchants who are willing to pay for the exposure. Fortunately, ad networks actively monitor their ad traffic for abuse and illegitimate use and are often able to cancel payments to the offending publishers. While the success rate of such malware attacks remains unclear, it is certain that such attempts will continue as spammers come up with more creative ways to bait unsuspecting users.
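An added example, not part of the original post: because the fake pages described above sit on shared hosts such as Amazon S3 and Google Docs, a link filter cannot block the whole domain and has to key on the bucket or document instead. The URL layouts handled here, and the bucket names and document IDs in the sample data, are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Amazon S3 endpoints: optional "<bucket>." prefix, optional region part.
S3_HOST = re.compile(r"^(?:(?P<bucket>.+)\.)?s3(?:[.-][a-z0-9-]+)?\.amazonaws\.com$")

def block_key(url):
    """Return the narrowest (kind, value) a link filter can block for this URL."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")  # hostname is already lowercased
    segments = [s for s in parts.path.split("/") if s]
    m = S3_HOST.match(host)
    if m:
        # Virtual-hosted style keeps the bucket in the host, path style in the path.
        bucket = m.group("bucket") or (segments[0] if segments else None)
        return ("s3-bucket", bucket) if bucket else ("host", host)
    if host == "docs.google.com" and "d" in segments[:-1]:
        # Assumed layout: /<type>/d/<document id>/...
        return ("gdoc-id", segments[segments.index("d") + 1])
    # Ordinary site: the domain itself is a safe thing to block.
    return ("host", host)

def filter_links(urls, blocked):
    """Split URLs into (blocked, allowed) lists using the fine-grained keys."""
    hit, ok = [], []
    for url in urls:
        (hit if block_key(url) in blocked else ok).append(url)
    return hit, ok

# Constructed sample data: one reported bucket and document, plus benign neighbours
# on the same shared hosts that a domain-level block would take down with them.
SAMPLE_LINKS = [
    "https://example-spam-bucket.s3.amazonaws.com/video.html",
    "https://s3.amazonaws.com/example-spam-bucket/index.html",
    "https://example-legit-bucket.s3.amazonaws.com/report.pdf",
    "https://docs.google.com/document/d/CONSTRUCTED_ID_1/pub",
    "https://docs.google.com/document/d/CONSTRUCTED_ID_2/edit",
]
BLOCKED = {("s3-bucket", "example-spam-bucket"), ("gdoc-id", "CONSTRUCTED_ID_1")}

if __name__ == "__main__":
    hit, ok = filter_links(SAMPLE_LINKS, BLOCKED)
    print("blocked:", *hit, sep="\n  ")
    print("allowed:", *ok, sep="\n  ")
```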

Click here to see Malware Removal Instructions by our Guestblogger Michael Kaur
