‘Teacher nearly killed this boy’ – rogue spamming Facebook app at large

Hundreds of thousands of people have so far clicked on a link sent by a rogue Facebook application, which tempts users into giving the application access to their Facebook profile in exchange for seeing a “shocking video” of what is alleged to be a teacher physically assaulting a boy.

A quick search on Facebook reveals thousands of users are promoting the link on their newsfeeds, encouraging their friends and acquaintances to also add the application:

I am shocked!!! The teacher nearly killed this boy - Worldwide scandal!

A typical message reads:

I am shocked!!! The teacher nearly killed this boy: http://bit.ly/aWeBMl - Worldwide scandal!

Clicking on the bit.ly link redirects Facebook users to a page promoting a Facebook application called “Teacher nearly kills a 13 year old boy. SHOCKING!”, which offers what appears to be a video thumbnail of the attack and the encouragement to “Click here, then ALLOW, to see the shocking video”.

However, if you are tempted to follow the on-screen instructions to view the video you will also be allowing the third-party application to gain access to your profile, and to repost the spam message to your own wall.

Do you really want this application to have access to your name, list of friends and profile picture? Do you really want to give your approval to the complete strangers behind this Facebook app to recruit your friends and acquaintances as well?

After all, you don’t know what they’re going to do next, once they have hundreds of thousands of Facebook users signed up. The next spam they send from your account could be designed to phish your friends’ password details or spread malware.

We can only hope that Facebook will act quickly to shut down this and other rogue Facebook applications, and police more tightly dubious activity on their social network in future.

If you were hit by this attack, check your privacy settings and remove the application from your profile. Furthermore, delete any posts it may have put on your newsfeed – so no more of your friends can be tempted into clicking on the link and falling for the same trap.

Bit.ly is already displaying a warning message to users who click on the link – it would be good to see Facebook also taking action to curtail the spread of this spam attack.

If you’re a regular user of Facebook, you should join the Sophos page on Facebook to be kept informed of the latest security threats.

Oh, and please share this page on Facebook to spread the word.


Update: New versions of this scam continue to cause considerable problems on Facebook as they spread virally in a worm-like fashion across the social network. They are using a different name for the rogue application, and a different URL-shortening service, but are otherwise extremely similar. I have made a video demonstrating the attack:

(Enjoy this video? You can check out more on the SophosLabs YouTube channel and subscribe if you like)

Please take care when you’re online, and consider joining the Sophos page on Facebook to be kept informed of the latest security threats.