Symantec Observed a New Spam Campaign Spreading Across Facebook

Symantec has observed a new spam campaign spreading across Facebook which appears similar to the following:

The message featured in the shared video post may vary slightly, as it is randomly generated by combining one phrase from each of the following three parts:

Part one:

· hey
· omg
· omg!
· OMG!!
· wtf
· wtf!!
· WTF!!
· YO
· yo
· YO!

Part two:

· I can't believe you're
· i cant believe youre tagged
· what are you doing
· why are you
· why are you tagged
· you look so stupid
· you should untag yourself

Part three:

· in this vid
· in this video

On top of that, the app_id in the requests is ‘6628568379’, which may cause the post to look as though it was sent from an iPhone when this is not the case. This is done to give an appearance of further credibility to the scam.
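As an added example (not Symantec's code), the following Python sketch shows how a defender could match the three-part message template and the reported app_id in post records. It goes slightly beyond the listed variants by ignoring case and punctuation; the record field names `message` and `app_id`, the assumption that the parts are joined by spaces, and the sample posts are constructed for illustration.

```python
import re

# Phrase lists from the advisory, normalized (lowercase, no punctuation).
PART_ONE = {"hey", "omg", "wtf", "yo"}
PART_TWO = {
    "i cant believe youre", "i cant believe youre tagged",
    "what are you doing", "why are you", "why are you tagged",
    "you look so stupid", "you should untag yourself",
}
PART_THREE = {"in this vid", "in this video"}
CAMPAIGN_APP_ID = "6628568379"  # app_id reported in the advisory

def normalize(text):
    """Lowercase, drop apostrophes, turn other punctuation into spaces."""
    text = text.lower().replace("'", "").replace("\u2019", "")
    return " ".join(re.sub(r"[^a-z0-9 ]+", " ", text).split())

def matches_template(message):
    """True if message is <part one> <part two> <part three> (assumed space-joined)."""
    words = normalize(message).split()
    if len(words) < 2 or words[0] not in PART_ONE:
        return False
    rest = " ".join(words[1:])
    # Try each ending; what remains in the middle must be a part-two phrase.
    for tail in PART_THREE:
        if rest.endswith(" " + tail) and rest[: -len(tail) - 1] in PART_TWO:
            return True
    return False

def triage(post):
    """Return the campaign indicators present in one post record (hypothetical fields)."""
    hits = []
    if matches_template(post.get("message", "")):
        hits.append("message_template")
    # The advisory says this id makes posts look iPhone-sent, so on its own
    # it is corroboration only, not proof of the campaign.
    if str(post.get("app_id", "")) == CAMPAIGN_APP_ID:
        hits.append("app_id")
    return hits

# Constructed sample records (not real captured posts).
SAMPLES = [
    {"message": "OMG!! why are you tagged in this video", "app_id": "6628568379"},
    {"message": "yo what are you doing in this vid", "app_id": "0000000000"},
    {"message": "hey, are you coming to the video night?", "app_id": "6628568379"},
]

if __name__ == "__main__":
    for post in SAMPLES:
        print(triage(post), "-", post["message"])
```
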

When the video is clicked, malicious JavaScript is copied to the clipboard and the user is asked to paste (“Ctrl+V”) this into the address bar and press “Enter”.

Next, the following message is displayed, which has the Facebook “look and feel” – as below. However, filling out the survey doesn’t verify anything. It just nets a survey fee for the spammers.

Unfortunately, the spam video link is also sent to everyone in your friends list in an attempt to keep the campaign spreading. For further details on this, please proceed to Symantec’s Security Response blog post here.

Symantec advises users to be vigilant when they come across messages like these. Think before clicking, don’t paste code into the address bar and, most importantly, keep your software up-to-date.
