Yet another rogue Facebook application is spreading its tentacles rapidly across the social networking system, posting messages from users’ compromised accounts claiming to be a link to a video of an anaconda coughing up an entire hippo.
A quick search on Facebook finds thousands of users who appear to have updated their status with the message about “the scariest snake ever”:
OMG, this is the biggest and scariest snake I have ever seen, check out this video
followed by a tiny.cc link.
As you can see in the following video, clicking on the link takes the unsuspecting Facebook user to a rogue application.
(Enjoy this video? You can check out more on the SophosLabs YouTube channel and subscribe if you like)
The rogue application tricks the user into giving it permission to access their Facebook profile, list of friends and be allowed to post status updates and messages onto their profile (which can then be seen by their Facebook friends).
The point of the application’s spamming is to draw Facebook users into taking online surveys – and each time a victim completes a survey, the scammer makes some commission. Even if you don’t take the survey, the rogue application has already abused your Facebook account – changing your status message and spreading an advert for the alleged “shocking video” to your news feed:
SHOCKING! Anaconda Coughs Up An Entire Hippo!
Horrifying snake killed a huge hippo! SHOCKING! Video
The other important thing here, of course, is how are you going to protect yourself in the future. Clearly many people need to be helped determining what is safe and what isn’t safe behaviour on a social network – and education about new breaking threats is a great way to raise awareness.
If you have Facebook friends who you believe are acting unsafely online invite them to join the Sophos page on Facebook.