ESET Threat Blog
Andrew Lee

Is your ‘stalker ex’ still creeping your Facebook page?

by Andrew Lee CEO, ESET North America
May 15, 2011 at 4:17 pm

Another day, another Facejack attack. We see a lot of these sorts of scams, alluringly titled posts – typically with a promise to show you who has been visiting your profile (or infamously, video of Osama Bin Laden's death) – that try to get you to click to see some special content.

The latest one looks like this:

Will you really get to see your Profile stalker?

Actually, if you hover your mouse over the "CLICK 2 SEE YOUR STALKERS" text, you'll see that the URL actually redirects to another site, and in any normal facebook post you should actually see the "Share" button in this position

A normal Facebook post showing the "Share" button correctly

What actually happens when you click on the altered posts is that you simply share the link with all your friends. Unfortunately, in the background, you might also be opening your profile for further compromise, as there are a lot of javascripts that run behind these links. Some of the scripts just deal with redirecting you back to Facebook as if nothing had happened, and sharing the new post on your profile, but others may have more malicious intent – particularly ones that direct you to download video.

Facebook has recently taken efforts to put a stop to these sort of scams – particularly if they see the "Share" Button being replaced like this, but so far, it doesn't seem to be having much effect – we still see a lot of these sorts of posts spreading each week.

The best thing to do is, as always, Think before you click! The scammers and criminals who make malware for a living are relying on your curiosity, don't let them get the better of you!

.

This entry was posted on Sunday, May 15th, 2011 at 4:10 pm and is filed under Cybercrime, Facebook, Malware, Social Engineering. You can follow any responses to this entry through the RSS 2.0 feed. You can skip to the end and leave a response. Pinging is currently not allowed.

One Response to “Is your ‘stalker ex’ still creeping your Facebook page?”

  1. Melissa Says:
    May 16th, 2011 at 6:48 am

    I recently received 2 notifications on my facebook account…both from people on my friends list, but they did not post on my wall like the notifications said. When I clicked on the message it brought me to a page that had the newspaper icon w/ no notification under it. I don’t know what these messages really are and what I need to do to protect myself…should I call credit bureaus or is it not really that serious? I hope facebook is investigating these hackers.

Leave a Reply

Share |
Subscribe by Email
To receive new posts automatically through email, enter your email address:

Delivered by FeedBurner

Blog Search
Categories
Authors
Tags
Adobe autorun Botnet Conficker Cybercrime Facebook google Malware Microsoft patch Phishing privacy SC Magazine Security Social Engineering Spam Stuxnet The Register Twitter Virus Bulletin
Archives

Switch to our mobile site