Facebook Black Scam Spreading Quickly, Symantec Warns


Facebook users are being warned to avoid a quickly spreading scam on the social network called "Experience Facebook Black," which ends up being a series of surveys designed to collect data on victims. The speed at which the scam is spreading has forced Google to take action to protect users.

The attack is using Amazon's S3 cloud storage service to host the campaign, according to Symantec, which warned about the attack Wednesday. Users are tagged with a picture that links to an external website that attempts to get users to install a Chrome browser extension to experience the phony service.

Once installed, the attackers use JavaScript files to create a new Facebook page on the victim's account and an iFrame that redirects users to the malicious website.

[Related: 5 Costly Hacker Attacks Plaguing Enterprises]

"Ultimately, users that install this Facebook extension will be presented with a set of survey scams, which is how the scammers monetize these types of campaigns," wrote Symantec threat researcher Satnam Narang. "Google has already removed several of these Chrome extensions and continues to improve their automated detections for malicious extensions."

Narang said users who have installed a Chrome extension must uninstall it and then delete the Facebook page created by the malicious JavaScript code.

Social networking threats have become fairly commonplace, with human security teams and automated processes in place at Google, Facebook and Twitter to detect and contain suspicious behavior before it becomes a serious problem. Facebook's popularity and long-term success have made it the primary target of many scams, which typically use links to phony videos, articles and websites. Security experts say users of social networks have a greater trust in links and messages shared on social networks, often freely clicking on links shared by others.

Facebook was used to spread the Koobface worm in 2009. The firm also has been quick to squash click-jacking scams and password-stealing cons.

The good news is that social networks do not typically harbor malware, according to a report issued in February by Palo Alto Networks. Instead, scammers host attacks by exploiting flaws in custom Web applications, according to the Santa Clara, Calif.-based networking security vendor, which analyzed malicious traffic in 2012.

The social network taking up the most bandwidth was Facebook, followed by Tumblr, Pinterest, MySpace and Google. Merely blocking access to social networks does little to improve an organization's security posture, the firm said.

PUBLISHED MARCH 20, 2013