Website and Facebook Scam: Osama Bin Laden Video is Bait

Rik Ferguson, director of security research at Trend Micro, has been writing on his blogabout the widespread use of fake Osama Bin Laden death footage as a new bait in an attempt to infect victims computers.

Since the Al Queda leader was shot there has been a number of scams being reported that begin with an opportunity to view the video of his death. The latest report from Mr Ferguson is directly related to infection via Facebook, the social media website’s Chat Application.

The chat message is “Watch the video of them killing Bin Laden” and is accompanied by a link. The link is to a website where you are invited to copy and paste a link into your web brower. The link is a piece of web scripting that calls a second scripting file.

Mr Ferguson writes, “The second file enumerates all your friends and sends them chat messages, creates an event to which all your friends are invited and continually updates your facebook status. Meaning that the video link is immediately posted to your facebook wall”

It is through this automated sending and posting that has sent the scam viral.

Facebook: Scam Central on the Web

Facebook is fast becoming the number one place for computers to become compromised. Where email was the number one place for viruses ten years ago, Facebook has picked up the mantle and is now carrying it forward.

The principle is the same as the old email scams. “The subject line of the email would entice the recipient to view an image of the latest celebrity in an uncompromising position. “ said Philip Brassington, Director of Rake Mark solutions. He continued “ The payload would be contained in the image or the link to an image and we have the same tactic here.”The offending JavaScript file in this instance even contains the line “var eventdesc = ‘Hey everyone, n fb now lets you see who viewed your profile! to enable this feature, go here! -” suggesting that this represents nothing more than a rebaited trap.”

Mr Brassington said, “More and more companies are looking at filters to prevent employees from accessing Facebook at work. Not so much for the time spent on the Facebook website instead of working, but because of the security risks it poses.

Leave a Reply

Your email address will not be published. Required fields are marked *