A blog entry on M86 Security Labs said that the scam starts with someone in the victim's social network "commenting" on a post claiming to be from Wired News.
"Once a user clicks on the link, they are redirected to a random .info site. There have been over 10 of these in circulation for this particular scam. Before the user can click on anything, they are asked to answer a CAPTCHA-like verification form," Satnam Narang said in the blog post.
The CAPTCHA-like Verification form tricks the user into inputing the number 5, which actually results in the user leaving a comment for the .info website via the Facebook social-plugin layer for comments.
Narang said that this is why users will see that one of their "friends" commented on the .info site on their Facebook News Feed.
Victims are then prompted to download the executable file "videogameboxinstaller.exe," which supposedly downloads other pieces of software.
The other software include “AnyLike," which claims to allow users to “like" anything and everything on the web.
The scammers also use the “PageRage" software "to make money off of unsuspecting Facebook users."
"At the heart of all these Facebook scams lies the same principal: a way for the scammers to make money by tricking users. Survey scams have been working quite well, so it makes sense that scammers would begin focusing their efforts with pay-per-install affiliate programs," Narang said.
Narang also warned against other Facebook comment scams (“comment-jacking") that are making the rounds, including one regarding Free Airline tickets aboard Southwest Airlines.
Narang said the key is to be aware that scammers will do whatever it takes to make a fast buck on the backs of social networking users.
"If it looks too good to be true, there’s a very good chance that it is. Look out for the people who are apart of your personal social network: friends and family members. Let them know about scams like these, because awareness remains a big piece of the puzzle," Narang said.
Narang said that over 400,000 visits have been logged to the various links in circulation before the scam was shut down.
But as of May 9, Narang said the scam is making the rounds once again, with a few differences in the new version.
"Instead of verification by solving 3+2, users are asked to verify with a word instead, which is the basis for most CAPTCHA systems ... They ask you to click continue twice, because the second click is what allows the comment to appear on your profile," Narang said.
In this scenario, users would see the victim's post appear in their News Feed about the iPhone 5 along with the victim's comment of “incredible" which coincides nicely with the story.
Also, once the victim supposedly verifies the “CAPTCHA," he or she is asked to fill out one of a handful of surveys. — TJD, GMA News
source: http://www.facecrooks.com
0 comments:
Post a Comment