A sting in the tail of the "Error Check System" Facebook scare

Filed Under: Facebook, Malware, Social networks

Earlier today I warned you about a third-party Facebook application called "Error Check System" that has been moving in mysterious ways on the social network.

Naturally, a lot of people will have been searching for information about "Error Check System" and if you were to enter the name of the application into Google you would probably see results something like this:

Google search results for Error Check System

If you click on that first result you'll be taken to a webpage which appears to contain links about "Error Check System", but also contains code that loads an obfuscated script from another website.

That encrypted script checks to see whether you have arrived via search engine. If you haven't, it displays a fake 404 page not found message. But if it does believe you have arrived via a search engine like Google it will redirect your browser to another website which initiates a fake anti-virus scan.

Scareware

The fake scan is designed to scare you into believing that your computer is infested with malware, and tries to frighten you into making some bad decisions.

Sophos detects the malware the fake anti-virus product attempts to install as Sus/FakeAV-A and Troj/FakeAV-LL.

The worry is that in many people's rush to find out more about the suspicious application's behaviour on Facebook they may well run straight into a scareware author's trap.

But there's another interesting question that should be asked (thanks to @itf for suggesting this). Is it possible that the original Facebook application was actually a red herring, and the real dangerous payload came from people Googling for information?

The jury's still out - but it's interesting isn't it?

, , , , ,

You might like

About the author

Graham Cluley runs his own award-winning computer security blog, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.