Ex-girlfriend sex videos, browser plugins and Facebook survey scams


Scammers are up to their old tricks on Facebook, tricking users into visiting revenue-generating survey scam websites by appearing to offer sex videos.

Using a thumbnail which suggests a link to a sex video, messages posted on compromised Facebook users' walls attempt to lure their unsuspecting Facebook friends into clicking to see more.

And if the use of a saucy snapshot of a naked man and woman in an intimate pose wasn't enough, the messages also include a variety of names (obscured in the images below) - presumably these are the names of the afflicted users' Facebook friends.

[Video] WOW.. watch what Happened to his Ex Girlfriend!!
[LINK]
Omg. I cant believe this actually happened to his Ex-Girlfreind!

Another version reads:

OMG. watch what happened to his Ex-Girlfriend!
[LINK]
[Video] Wow. I cant believe this actually happened to his Ex-Girlfreind!

If you are fooled into clicking on the link, however, you are taken to a third party webpage which claims that you will only be able to view the sex video once you have installed a DivX plugin.

Install page

Hopefully regular readers of Naked Security would know better than to click on the link to install the plugin, but if you did it would attempt to install a script into your browser.

Plugin installation


This script subsequently takes your browser to an all-too-familiar survey webpage. The more people who complete the survey, the more commission is made; presumably the scammers hope that their victims have put so much effort into viewing the video by this point that they're unlikely to give up now.

If you use Facebook and want to receive early warnings about the latest attacks, you should join the Sophos Facebook page where we have a thriving community of over 160,000 people.


6 Responses to Ex-girlfriend sex videos, browser plugins and Facebook survey scams

  1. Catles · 794 days ago

    wait........ are you using google chrome and you have a youtube scam addon? or am i missing something here

  2. Robert Gracie · 793 days ago

    I know better when I see something like this, because I have DivX already installed on my computer and if it says I need it again I close the page and I alert the correct people to alert them of the page. If it's via Facebook I report it as spam right away. I hate these spam pages most of all, they are an utter waste of my time and they do not deserve to be allowed on the internet!

  3. Kathy · 793 days ago

    I got a personal message that was sent by a friend from high school (long ago) the message said:
    Hi Kathy, do you remember this picture?
    (it then gave me a link)
    I clicked on the link because I know Myrna, but it wanted me to sign into Facebook again, and my Norton Security Suite told me to stop.
    I messaged Myrna and my message went to her and 5 other people..... weird.
    She did message me yesterday and told me her Facebook had been hacked.

  4. Christopher Palow · 791 days ago

    Does Sophos detect this variant of toolbar/plugin malware?

    • Hi Christopher

      We're currently blocking these threats by blocking access to the webpages that we find them on. I see that you work at Facebook - so you may wish to contact the Sophos team directly to discuss what more we might be able to do to protect against these threats.

  5. niranjan.jayanand · 654 days ago

    McAfee removes these plugins from Firefox/Chrome browsers


About the author

Graham Cluley is an award-winning security blogger, and veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.