New affiliate scam strikes Facebook

Another scam using stolen Facebook credentials is making the rounds. It is unclear how the spammers are acquiring the credentials, but it is likely the result of phishing, or Koobface. This attack is using the subject “Y o y Tube”, supposedly a play on “Youtube.”
Screenshot of Facebook scam

You’ll notice the URL (which I have censored) is all numeric. This technique has been used for some years and is an alternate encoding of the IP address the link directs you to. Browsers will interpret numeric inputs with no dots as octal, hexadecimal, or Dword values and happily load the content from what appears to be an invalid URL. usage statistics for spam URL For example, http://3575622733 will direct you to This URL directs you to a shortened link. You can see a number of people have clicked on this random Facebook message.

The shortened URL directs you to a page hosted in Iceland, which again redirects to a domain owned in Canada, hosted in the USA. At this point, you get a chat window with a sexy lady.

Spam chat window It only appears to be a chat window, though… it’s really just a Flash video that links you to Adult Friend Finder.
Why go through so many hoops to direct users to Adult Friend Finder? It’s known as affiliate marketing. Many spammers and adult content websites issue unique URLs to people and offer them payment for new subscribers, fake anti-virus installs, or purchases of pills making you “stronger in bed”.

This attack is another reminder to not click on URLs presented through social media, even if they arrive from a friend. Many different criminal groups are acquiring social media credentials and using your trust in a friend to compromise your computer, or just offer you some adult friends.

This Facebook friend clearly has had her password stolen, which is a reminder of the importance of having unique passwords for every site you visit, especially sites that are high-profile targets. As I mentioned in my blog on the hack, with so many sites requiring so many identities, consider using a secure password management application to help you sort it all out. Now go change your passwords for Facebook, Twitter, and Buzz before you are the next one apologizing to your friends.