May 7, 2011

Facebook scammers go back to using JavaScript

Facebook scammers know that in order to keep users falling for their scams, they have to use a variety of approaches.

For example, there was a time when rogue applications were the scammers' preferred method of propagating a scheme through the social network. Before that, they were more partial to getting users to copy and paste scripts into their browser address bars to achieve the same result.

As users become accustomed to ignoring one particular approach, and as Facebook becomes more adept at spotting and blocking rogue apps, the copy/paste script approach makes a comeback.

The most popular lure used by these scammers is the undying "See who viewed your profile" offer. The landing page may be a Facebook page or one hosted on another domain, and it asks the user to copy a piece of JavaScript into the browser address bar and press 'Enter'.

And just in case the user does not understand the instructions, the scammers have attached a video of the whole process. Once the instructions are followed, the user is (predictably) asked to fill out a survey before finally receiving the results. In the meantime, the pasted JavaScript does its work: because it was entered into the address bar of a page the user is already logged in to, it executes in that page with the user's own session.

"Depending on the configurations of the attacker, the script will post a new bait message to the user’s wall, send chat messages to friends, tag you in post messages or images, or even create an event and send an invitation to all your friends," explains Symantec.

"Of course, as always, the attack is easily configurable through a toolkit. Since the script runs in the context of Facebook and uses your open session, it can do a lot with your profile; it can do nearly everything you could do yourself."
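The reason the trick works is that text pasted into the address bar and starting with `javascript:` is executed in the origin of the page currently open, so the script inherits the victim's logged-in Facebook session. The browser-side mitigation that followed was to strip a leading `javascript:` scheme from pasted address-bar text so the remainder is treated as a plain search or URL rather than run. The sketch below is an added example written for this article, not the scammers' toolkit and not any browser's actual code; the function names and the constructed sample inputs are ours. It follows the WHATWG URL parser's pre-processing (trim leading and trailing C0 controls and spaces, delete tabs and newlines anywhere) before reading the scheme, so obfuscations such as `java\tscript:` or `  JaVaScRiPt:` are still caught.

```javascript
// Added example: normalise text pasted into a browser address bar and strip a
// leading "javascript:" scheme, the mitigation browsers adopted against
// copy/paste self-XSS. Illustrative only; not any browser's real implementation.

// The WHATWG URL parser deletes ASCII tab, LF and CR anywhere in the input...
const TAB_OR_NEWLINE = /[\t\n\r]/g;
// ...and strips leading/trailing C0 control characters and spaces.
const LEADING_OR_TRAILING_C0_SPACE = /^[\u0000-\u0020]+|[\u0000-\u0020]+$/g;

// Apply the URL parser's pre-processing so the scheme check sees what the
// parser would see, not what the pasted text looks like.
function normaliseForScheme(text) {
  return text
    .replace(LEADING_OR_TRAILING_C0_SPACE, '')
    .replace(TAB_OR_NEWLINE, '');
}

// Extract the scheme as the URL parser does: an ASCII letter followed by
// letters, digits, '+', '-' or '.', terminated by ':'. Returned lower-cased,
// or null when the text has no scheme (e.g. a bare search query).
function schemeOf(normalised) {
  const m = /^([A-Za-z][A-Za-z0-9+.\-]*):/.exec(normalised);
  return m ? m[1].toLowerCase() : null;
}

// Returns { stripped, value }. When the pasted text is a javascript: URL the
// scheme is removed and `value` is the remaining text, which the address bar
// can then treat as a search string or show to the user instead of executing.
function sanitizePastedAddress(text) {
  const normalised = normaliseForScheme(text);
  const scheme = schemeOf(normalised);
  if (scheme === 'javascript') {
    return {
      stripped: true,
      value: normalised.slice(scheme.length + 1).trimStart(),
    };
  }
  return { stripped: false, value: normalised };
}

// Constructed sample inputs (not captured from a real scam page).
const SAMPLES = [
  'javascript:alert(document.cookie)',      // the plain form
  '  JaVaScRiPt:void(0)',                    // leading spaces, mixed case
  'java\tscript:x',                          // tab inside the scheme
  'https://www.facebook.com/',               // an ordinary URL, untouched
];

for (const s of SAMPLES) {
  const r = sanitizePastedAddress(s);
  console.log(JSON.stringify(s), '->', r.stripped ? 'STRIPPED' : 'kept', JSON.stringify(r.value));
}
```

Note what this does and does not cover: it neutralises the address-bar vector, but the same payload pasted into the developer console still runs in the page origin, which is why sites also print a console warning aimed at users who are being talked through exactly this procedure.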
