Members
  • Total Members: 14197
  • Latest: Levine
Stats
  • Total Posts: 43440
  • Total Topics: 16532
  • Online today: 3066
  • Online ever: 51419
  • (01. January 2010., 10:27:49)
Users Online
Users: 2
Guests: 3047
Total: 3049









Post reply

Name:
Email:
Subject:
Message icon:

Verification:
Type the letters shown in the picture
Listen to the letters / Request another image

Type the letters shown in the picture:
Second Anti-Bot trap, type or simply copy-paste below (only the red letters):www.codekids.ba:

shortcuts: hit alt+s to submit/post or alt+p to preview


Topic Summary

Posted by: Pez
« on: 07. January 2013., 09:51:47 »

WARNING: YouTube Video Scam targets Facebook Users.

Be advised cybercriminals are at it again, leveraging the popularity of Facebook and YouTube to scam consumers.We have seen several scams in the past spreading through Facebook promising of some leaked video of celebrities, or free Facebook T-shirts etc. The malware authors are making money by pay-per-click with these techniques. Users are tricked into clicking some links which appear in their friend’s wall. Once clicked Malware authors trick users by zeroing the opacity of malicious script which are loaded and injected in the backend without the user’s concern.All the victim sees is multiple redirections and a survey page which is brought at the end.  In the meantime, the injected script  steals the Facebook user cookies and post on Victim’s wall without his or her knowledge.

We have also seen some of these scams requesting for fake YouTube and Flashplayer plugins to be downloaded and installed after checking for the browser running in victim s machine.  This was done with the help of following script running in back.


larger image

This scam was seen circulating from last week of December2012 which looks to a video shared.


larger image

Scripts are run in the backend to load the Fake YouTube Logo into the Fake Youtube page:


larger image

Fake YouTube Logo is loaded from the above link


larger image

Few calculations are done before bringing up above Fake YouTube page.


larger image

The redirection link brings up a fake YouTube page where it says YouTube Security Verification is being done as shown below.


larger image

The number highlighted which is asked to be entered in the “Type code here” area keeps changing at regular interval of time with the help of random operation performed in the back.


larger image


larger image

Changing the opacity marked above, reveals us a space where comment is asked to be entered.


larger image

By the time , I changed the opacity and entered a comment, the Security Verification Number got changed. The Security Verification Number is generated random with the help of script below.

A few operations are performed before bringing the wordings which promises of the video that appeared on Victim’s wall.


larger image

Some of the very common words seen in these type of scams are:

• OMG!! I Bet you can’t watch this video for more than 10 seconds
• I dare you to watch this video more than 10 seconds , etc

Another script  http://j.maxmind.com/app/geoip.js  is injected to learn the victim’s location


larger image

Finally it brings up a page which says the victim s account is being verified. But the video is not still being played.


larger image

Viewing the source of the web page gives us more information, about the scripts , Iframes injected and the “Complete the Simple Step Below to Continue ….!” which appears on top of the window.


larger image

We could see a YouTube link. When investigated, it asks for a missing plugin to be installed to view the video.


larger image

When the missing plugin is installed, Victim could see some porn and prank videos.


larger image

Facebook is also continously monitoring malwares and scams spreading across its users. Users can report suspicious post as Scam back to Facebook and they can block the scam from spreading from their end. This can be done by clicking the top right button which appears on every post ”Report Story or Scam”, highlighted in red in the below figure.


larger image

The user is then taken to a  page where they can finally report back to Facebook.


larger image

This way the user ensures scam from not spreading among his or her contacts.

Our advice to users is to pay extra caution when they see links which points to a video. Else you could be actually spreading the infection among your friends network. Also these scams come back with different images, different redirection urls and luring words. We also saw an old scam which promises Pink Facebook page coming back this month. In case you think you are being infected, please check your wall or ask your friend to check if any of these scams is sticking. Sometimes the infected user will not be able to see the scam attached to his wall.

No matter how many offers or surveys they complete, or what services they subscribe to, victims will never receive the promised video, gift or profile.


Orginal article: Thursday, January 3, 2013 at 9:22am by Niranjan Jayanand

Enter your email address to receive daily email with 'SCforum.info - Samker's Computer Forum' newest content:

Kursevi programiranja za ucenike u Sarajevu

Terms of Use | Privacy Policy | Advertising
TinyPortal 2.3.1 © 2005-2023