Panda Security’s antimalware laboratory, PandaLabs have recently detected a new Facebook scam that uses a fake video of singer Katy Perry and ex-husband actor Russell Brand to trick users.
According to PandaLabs, if the user clicks the link, they are taken to a fake Facebook page where they are invited to download a plug-in to watch the video. The page indicates that over 4,000 people have already clicked the “Like” button, which is used by the scammers to trick victims into believing that the video is legitimate.
If the user tries to play the video, the worm will act differently depending on the browser used. On Internet Explorer, the worm displays an age verification page to access an application called “X-Ray Scanner”.
Then, before the user can take any other action, the browser takes them to a typical scam site where they are asked to enter their phone number. However, if they do so, they will start receiving unwanted premium rate text messages.
The infection is even more serious on Firefox and Chrome, as the worm installs a browser plug-in and uses it to post the scam to the victims’ friends’ pages.
According to Luis Corrons, technical director of PandaLabs, “Once again, user curiosity becomes cyber-criminals’ best ally. Scammers exploit people’s interest in this couple to infect users, who click the malicious link and download the worm without taking any precautions. This has two negative effects: on one hand, users infect their own computers; and on the other, a message is automatically sent to all of their Facebook friends.”
Social engineering is cyber-crooks’ weapon of choice to spread their creations through social media. The fact that users themselves unknowingly send the malicious links to friends facilitates malware distribution as people are more likely to click on a link received from a reliable source. There have been similar cases in the past. Last year, for example, over 80,000 users fell victim to a scam exploiting Steve Jobs’s death.
PandaLabs offers users tips on how to avoid falling victim to this type of scam:
- Be wary of websites offering sensational videos or unusual stories.
- Before you click on a link sent by one of your contacts, make sure it has been intentionally sent by your friend and it is not the result of a massive scam like this one.
- Don’t accept friend requests from people you don’t know. This will help keep your privacy safe.
- Always keep your computer’s operating system and Web browsers up to date, and make sure you have an up-to-date antivirus solution installed.
If, however, you suspect you have fallen into the trap:
- Check your browser plug-ins and remove any suspicious ones.
- Check the applications that have permission to access your Facebook account, and delete those you don’t know.
- Change your Facebook account password. If you use the same credentials to sign in to other services as well, change them too. It is always better to take all necessary precautions.
More information is available in the PandaLabs Blog.
About Panda Security
Founded in 1990, Panda Security is the world’s leading provider of cloud-based security solutions, with products available in more than 23 languages and millions of users located in 195 countries around the World. Panda Security was the first IT security company to harness the power of cloud computing with its Collective Intelligence technology. This innovative security model can automatically analyze and classify thousands of new malware samples every day, guaranteeing corporate customers and home users the most effective protection against Internet threats with minimum impact on system performance. Panda Security has 61 offices throughout the globe with US headquarters in Florida and European headquarters in Spain. In 2006, Jeremy Matthews founded Panda’s local subsidiary in Cape Town, opening the international vendor’s first presence on the African continent.
For more information, visit http://www.pandasecurity.co.za/
For more information:
Tel. 08600 PANDA (72632)
Follow us on: