The sexiest video ever? Facebook users hit by Candid Camera Prank attack

Filed Under: Facebook, Malware, Social networks, Spam, Video

Leanne, a member of the Sophos fan page over on Facebook, contacted me earlier today to ask about videos being posted automatically on users' profiles entitled "the sexiest video ever".

A little digging discovered that thousands of Facebook users have woken up to discover messages posted on their walls, seemingly by their Facebook friends.

Fake Candid camera prank video on Facebook

The messages read:

<name>, this is without doubt the sexiest video ever! :P :P :P

accompanied by what appears to be a video with the title "Candid Camera Prank [HQ]". The message has what appears to be a movie thumbnail of a woman on a bicycle wearing a short skirt, and the video's length is given as 3:17.

Now, maybe you're in the habit of sharing and receiving videos like this with your online chums. I can certainly imagine a lot of blokes in particular might be tempted to play the video. Each to his or her own, but you should be extremely careful on this occasion.

Because if you click on the thumbnail you don't view a video at all, but are instead taken to a Facebook application. When I tried for myself the application failed to run (maybe Facebook has already taken action?), but according to reports from users it told them that their video player was out-of-date and urged them to download a file.

Users then report that the same video was posted (using their avatar and name as though they had posted the message) to their Facebook friends and acquaintances, thus spreading even more quickly.

Judging by the number of messages posted on Facebook, thousands of people received this attack. If you were one of them, you should scan your computer with an up-to-date anti-virus, change your passwords, review your Facebook application settings, and learn not to be so quick as to fall for a simple social engineering trick like this in future.

Update Patrik Runald, one of our friends over at Websense Security Labs, has produced this video demonstrating the attack.

As you can see, Patrik captured the attack in action - finding that aside from spreading it was designed to install the Hotbar adware to generate revenue for the bad guys.

If you're regular user of Facebook, why not join the Sophos page on Facebook? We'll do our best to ensure you are kept up-to-date with the latest security news.

, ,

You might like

About the author

Graham Cluley runs his own award-winning computer security blog, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.