Bitdefender Warns Of New Facebook Scam


The latest scam on Facebook has tricked more than 1,000 people into installing a malicious Flash Player update to view a phony video, according to a new warning issued by security firm Bitdefender. The firm also has uncovered aggressive advertising campaigns designed to spread spam on the social network.

The Romanian antivirus vendor said it detected the phony Flash Player threat in Romania, the U.K., Italy, France and Germany and warned that the scam or one like it could quickly spread to Facebook users in the U.S.

The Flash Player mawlare is an old but successful social engineering trick that has been detected on Facebook, Twitter and other social networks. It goads people into viewing a "private" or "naked" video. Once a user clicks a link they are redirected to one of as many as 6,000 websites registered by the attacker, which forces users to take fake survey or download a toolbar, a video and converter downloads. The multiple installation possibilities enables the attacker to increase the infection rate, Bitdefender said.  

[Related: Top 5 Social Networking Attacks You Should Dodge]

One of the attack tactics redirects users to a fake YouTube website where a Flash Player Trojan installs a browser extension. The scam is designed to spread by stealing the Facebook user's pictures and creating a post containing a malicious link to capture other victims, Bitdefender said.

A quickly spreading Facebook Black scam last year highlighted social networking threats and the extent attackers will go to steal valuable user information. Solution providers told CRN that they increasingly advise their clients to conduct more thorough security awareness training for end users. Social engineering tactics trick all users from office clerks to the CEO, said Cliff Sweazey, executive vice president of Indianapolis-based systems integrator Innovative Integration.

"The biggest threats to the organization are often the users themselves," Sweazey said. "The bad guys know this and are extremely successful getting in by tricking users into clicking a link and getting their account credentials."

Training users about privacy and security on social networks, and explaining why they should avoid clicking on links and be skeptical of online advertising might help reduce the risk, Sweazey said.

In addition Bitdefender has uncovered shortcomings in Facebook's ad policy that are fueling increasingly aggressive advertisements that distribute spam messages to users, said Bitdefender researcher Andrei Cristian Serbanoiu. In a new Facebook ads paper (.pdf), Serbanoiu developed a way to analyze ads for patterns that could signal potential scams in aggressive advertisements. Many of the ads uncovered during a six-month analysis pushed weight loss, replica watches and work-at-home scams, Serbanoiu said.

Spammers increasingly are turning to Facebook and other social networks as an alternative to traditional email spam to target younger users, Serbanoiu said. The tactic takes advantage of the user perception of a trustworthy environment on Facebook, he said. Facebook enables advertisers to target certain age groups, specific geographies, education levels and other interests.  

In his paper, Serbanoiu said a design flaw enables creators of third-party applications to use any ad network. Facebook ad policy outlines content, prohibiting pharmaceuticals and frowns upon sexually suggestive content. However, Facebook then turns to ad networks to police themselves, Serbanoiu said. Some of the ads displayed inside Facebook applications have gone to a variety of scams, including malicious websites pushing malware, he said.

Serbanoiu said he discovered ads promoting counterfeit sunglasses and skin tan pills that use additives that are not FDA-approved. In about 50,000 unique domains analyzed connected to the ads, about 33 percent were connected to pharmaceutical spam, 30 percent appeared to be touting counterfeit goods and 18 percent shuttled users to gambling websites, according to the analysis.

"A tighter grip on things on the part of the ad networks would definitely reduce this phenomenon, but once stricter measures are employed, they might lose customers and as a consequence, revenues will drop," Serbanoiu said in his report. "There is a trade-off between being too permissive and your reputation, and it is our opinion that companies should maintain a high standard in the business environment."

PUBLISHED MARCH 10, 2014