Posts Tagged: facebook


How cybercriminals efficiently violate YouTube, Facebook, Twitter, Instagram, SoundCloud and Google+’s ToS

by

With social media, now an inseparable part of the marketing expenditures for every modern organization, cybercriminals quickly adapted to the ongoing buzz, and over the last couple of years, have been persistently supplying the market segment with social media metrics performance boosts, in the the form of bogus likes, dislikes, comments, favorites, subscribers, and video/music plays. This process, largely made possible by the massively undermined CAPTCHA bot vs human verification practice, results in automatically registered accounts, or the persistent data mining of malware-infected hosts for accounting data for social media accounts, continues to scale, allowing both individuals and organizations to […]

Continue Reading »

Pharmaceutical scammers impersonate Facebook’s Notification System, entice users into purchasing counterfeit drugs

by

By Dancho Danchev Opportunistic pharmaceutical scammers are currently spamvertising tens of thousands of bogus emails impersonating Facebook’s Notification System in an attempt to trick users into clicking on the links, supposedly coming from a trusted source. Once users click on the links found in the fake emails, they’re exposed to counterfeit pharmaceutical items available for purchase without a prescription. More details:

Continue Reading »

Malware propagates through localized Facebook Wall posts

by

We’ve recently intercepted a localized — to Bulgarian — malware campaign, that’s propagating through Facebook Wall posts. Basically, a malware-infected user would unknowingly post a link+enticing message, in this case “Check it out!“, on their friend’s Walls, in an attempt to abuse their trusted relationship and provoke them to click on the malicious link. Once users click on the link, they’re exposed to the malicious software. More details:

Continue Reading »

Fake ‘You’ve blocked/disabled your Facebook account’ themed emails serve client-side exploits and malware

by

Cybercriminals are currently spamvertising two separate campaigns, impersonating Facebook Inc., in an attempt to trick its users into thinking that their Facebook account has been disabled. What these two campaigns have in common is the fact that the client-side exploits serving domains are both parked on the same IP. Once users click on any of the links found in the malicious emails, they’re exposed to the client-side exploits served by the Black Hole Exploit Kit. More details:

Continue Reading »

Malicious ‘Facebook Account Cancellation Request” themed emails serve client-side exploits and malware

by

In December, 2012, we intercepted a professional-looking email that was impersonating Facebook Inc. in an attempt to trick its users into thinking that they’ve received an “Account Cancellation Request“. In reality, once users clicked on the links, their hosts were automatically exploited through outdated and already patched client-side vulnerabilities, which dropped malware on the affected PCs. Over the past 24 hours, cybercriminals have resumed spamvertising tens of thousands of legitimate-looking Facebook themed emails, once again using the same social engineering theme. More details:

Continue Reading »

Fake ‘Change Facebook Color Theme’ events lead to rogue Chrome extensions

by

Cybercriminals have recently launched a privacy-violating campaign spreading across Facebook in an attempt to trick Facebook’s users into installing a rogue Chrome extension. Once installed, it will have access to all the data on all web sites, as well as access to your tabs and browsing history. More details:

Continue Reading »

Bogus ‘Facebook Account Cancellation Request’ themed emails serve client-side exploits and malware

by

Facebook users, watch what you click on! Cybercriminals are currently mass mailing bogus “Facebook Account Cancellation Requests“, in an attempt to trick Facebook’s users into clicking on the malicious link found in the email. Upon clicking on the link, users are exposed to client-side exploits which ultimately drop malware on the affected host. More details:

Continue Reading »

Bogus Facebook ‘pending notifications’ themed emails serve client-side exploits and malware

by

Facebook users, watch out! A recently launched malicious spam campaign is impersonating Facebook, Inc. in an attempt to trick its one billion users into thinking that they’ve received a notification alerting them on activities they may have missed on Facebook. Upon clicking on any of the links found in the email, users are exposed to the client-side exploits served by the Black Hole Exploit Kit. More details:

Continue Reading »

Cybercriminals spamvertise millions of bogus Facebook notifications, serve malware

by

Recently, cybercriminals spamvertised yet another massive email campaign, impersonating the world’s most popular social network – Facebook. It was similar to a previously profiled spam campaign imitating Facebook. However, in this case the cybercriminals behind it relied on attached malicious archives, compared to including exploits and malware serving links in the email. More details:

Continue Reading »