Monday 23 May 2011

Hottest & Funniest Golf Course Video scam spreads virally on Facebook - beware!

Hottest & Funniest Golf Course Video scam spreads virally on Facebook - beware!: "

Yet another scam is spreading virally across Facebook, posing as a video in a scheme to make money for the confidence tricksters behind it.


The messages show what appears to be a thumbnail of a video showing a man standing closely behind a scantily clad woman to give her golfing advice.


The Hottest & Funniest Golf Course Video - LOL. Watch the Hottest & Funniest Golf Course Video Don\



The Hottest & Funniest Golf Course Video - LOL

[LINK]

Watch the Hottest & Funniest Golf Course Video Don\


Another version of the scam uses football rather than golf as the lure:


The Most Funniest & Hottest Footbal Video - Must Watch!


The Most Funniest & Hottest Footbal Video - Must Watch!

[LINK]

Watch the Funniest & Hottest Footbal Video - Must Watch!


The links in the messages we have seen so far have pointed to a webpage at blogspot.com, although this could - of course - be changed by the scammers in future variations.


If you make the mistake of clicking on the link in the hope that you might see a funny saucy video you will find that you have fallen straight into the scammers' trap - as your Facebook page has been updated to say that you also 'Like' the page, thus sharing it virally with all of your friends.


You will also be encouraged to complete an online survey for 'verification' purposes, which in reality only earns commission for the bad guys who kicked off the money-making scheme in the first place.


The Hottest & Funniest Golf Course Video survey


Unfortunately, when I tested the scam I found no evidence that Facebook's newly introduced security measures to intercept scams and warn of dangerous links had been effective.


How to clean-up the scam from your Facebook page


If you have been unfortunate enough to have been hit by this scam, here's how you clean-up.


Move your mouse above the offending entry on your Facebook page and you should see an 'X' appear in the top right hand corner of the post. You should now be able to mark the post as spam (which will remove it from your page).


Remove the post by marking it as spam


Unfortunately, this hasn't also removed the page from the list of pages you like, so you will need to edit your profile to manually remove it. You should find it listed under 'Activities and Interests'.


Unlike the offending webpage


Be sure to remove any other pages you don't recognise in that list also.


If you use Facebook and want to learn more about spam, malware, scams and other threats, you should join the Sophos Facebook page where we have a thriving community of over 80,000 people.


Hat-tip: Thanks to Naked Security reader Lars for first alerting us to this attack.





"

" The Roving Giraffe News Report " provided by Ace News

Converting currency on Google can lead to malware attack

Converting currency on Google can lead to malware attack: "

Euro and dollarOne of the guys at the North American branch of SophosLabs recently stumbled across some Euros following an overseas trip, and wondered how much they were worth in dollars.


So he did what any of us would probably do. He Googled it.



215 euro to usd


Google very cleverly and kindly tells you what it believes the conversion rate to be, but you're also given a number of search results:


Euro to USD currency conversion search results


It's that final search result which is of interest to us. A quick search finds a number of other webpages which don't just use keywords related to currency conversion, but also other terms - 'dirty sexist jokes', for instance.


Euro to USD currency conversion search results


What is occurring here is SEO poisoning, where bad guys create poisoned webpages related to certain search terms in the hope that you will come across them and infect your computer.


The good news is that Sophos can offer a layered defence against this attack.


The initial webpage is blocked by Sophos as Mal/SEORed-A. It acts effectively as the doorway to the rest of the attack.


The site delivering the actual malicious payload is also blocked, and Sophos detects the exploit itself as Troj/ExpJS-BP.


Finally, the Java class files pushed by the exploit code are detected as Mal/JavaDldr-B.


Neat!


We see online criminals poisoning search engine results using blackhat SEO techniques a lot.


Fraser and Onur in our labs have written an excellent technical paper (PDF) which discusses the problem, and lifts the lid on how the bad guys are using automated kits to do their dirty work for them.


SEO poisoning technical paper



It's a great read. Check it out now.





"

" The Roving Giraffe News Report " provided by Ace News

Profile Stalkers on Facebook? Check out the viral scam that's spreading

Profile Stalkers on Facebook? Check out the viral scam that's spreading: "

Profile stalkers on FacebookAnother scam is being spammed out across Facebook, tricking users into helping its spread by fooling them into believing they will discover who is secretly viewing their profile.


Using a cartoon image of what appears to be a chimpanzee looking through binoculars,

the messages are being sent from other Facebook users who have already fallen into the trap of clicking on the link and following the scammers' instructions.


Clicking on the link contained inside the message (which I have obscured in the screen grab below) is a big mistake, as it takes you one step further into the criminals' trap.


Checkout your Profile Stalkers on Facebook


WICKED! Now you can see who views your facebook profile.. i saw my top profile stalkers and my EX is still creeping my profile every day


Checkout your PROFILE stalkers

[LINK]

Now you can see who stalks your profile daily


If you do click on the link you are taken to a third-party webpage which urges you to cut-and-paste some JavaScript code into your web browser's address bar. The page claims that it is your unique code to view your Top 10 Profile Spys - but it's not true at all.


Checkout your Profile Stalkers on Facebook


This is a trick being commonly used by scammers at the moment. If you paste their code into your address bar, it will typically pass the message onto other Facebook users - including your online friends. We recently saw it deployed in a Facebook scam offering a 'Dislike' button for instance.


Ultimately scams this typically end up with you being taken to a webpage which asks you to complete a survey - and the scammers earn commission for each survey completed.


Don't let the scammers make a monkey of you, and don't risk spreading a scam like this to your online friends.


If you use Facebook and want to learn more about spam, malware, scams and other threats, you should join the Sophos Facebook page where we have a thriving community of over 80,000 people.


Update: I'm reliably informed that the cartoon chimp is Curious George.





"

" The Roving Giraffe News Report " provided by Ace News