Sophos Cloud Optix
Scammers are up to their old tricks on Facebook, tricking users into visiting revenue-generating survey scam websites by appearing to offer sex videos.
Using a thumbnail which suggests a link to a sex video, messages posted on compromised Facebook users’ walls attempt to lure their unsuspecting Facebook friends into clicking to see more.
And if the use of a saucy snapshot of a naked man and woman in an intimate pose wasn’t enough, the messages also include a variety of names (obscured in the images below) – presumably these are the names of the afflicted users’ Facebook friends.
[Video] WOW.. watch what Happened to his Ex Girlfriend!!
[LINK]
Omg. I cant believe this actually happened to his Ex-Girlfreind!
Another version reads:
OMG. watch what happened to his Ex-Girlfriend!
[LINK]
[Video] Wow. I cant believe this actually happened to his Ex-Girlfreind!
If you are fooled into clicking on the link, however, you are taken to a third party webpage which claims that you will only be able to view the sex video once you you have installed a DivX plugin.
Hopefully regular readers of Naked Security would know better than to click on the link to install the plugin, but if you did it would attempt to install a script into your browser.
This script subsequently takes your browser to an all-too-familiar survey webpage – and the more people who complete the survey (presumably the scammers hope that their victims have committed so much effort into viewing the video by now, that they’re unlikely to give up now) the more commission is made.
If you use Facebook and want to receive early warnings about the latest attacks, you should join the Sophos Facebook page where we have a thriving community of over 160,000 people.
wait…….. are you using google chrome and you have a youtube scam addon? or am i missing something here
I know better when I see something like this, because I have DivX already installed on my computer and if it says I need it again I close the page and I alert the correct people to alert them of the page if its via Facebook I report it as spam right away, I hate these spam pages most of all they are an utter waste of my time and they do not deserve to be allowed on the internet!
I got a personal message that was sent by a friend from high school (long ago) the message said:
Hi Kathy, do you remember this picture?
(it then gave me a link)
I clicked on the link because I know Myrna, but it wanted me to sign into Facebook again, and my Norton Security Suite told me to stop.
I messaged Myrna and my message went to her and 5 other people….. weird.
She did message me yesterday and told me her Facebook had been hacked.
Does sophos detect this variant of toolbar/plugin malware?
Hi Christopher
We're currently blocking these threats by blocking access to the webpages that we find them on. I see that you work at Facebook – so you may wish to contact the Sophos team directly to discuss what more we might be able to do to protect against these threats.
McAfee removes these plugins from Firefox/Chrome browsers