Terry Zink's Cyber Security Blog

Discussing Internet security in (mostly) plain English

Fake bin Laden videos and who’s checking you out on Facebook?


In the past couple of days on Facebook, a couple of my friends have fallen for scams on Facebook – click here to see pictures of bin Laden!  Similarly, a couple of other friends have fallen victim to the scam of finding out who’s tracking you (on Facebook) by clicking that link.  The result is that a piece of malware reposts the image to all of your friends’ walls, effectively spamming your friends list.

Gary Warner over at the University of Alabama beat me to it, writing a post about this, saying the same thing – these are all scams:

The behavior of this particular scam is to cause a link to be posted BY YOU on all of your friends' walls. (There is another popular one going around -- "See Who Viewed Your Profile" -- that behaves in the same way. Facebook confirms that there is no app that can do that, and encourages us to use the "REPORT" feature when we see that.) The danger starts if you click "Watch Video". DON'T DO IT!

Curse you, Gary Warner!  I was going to write about this two days ago but I procrastinated!  Anyhow, Warner has a list of recommendations from Facebook for its users:

  1. Unlike the page which tricked you into showing fake video and report them immediately to Facebook. -- In addition to posting the message to your friends' walls, this tricky Facebook worm causes you to "Like" its page. The more "Likes" a page has, the more people are convinced it's real, so it is helpful to go "UNLIKE" the page. (If you've liked it, it will be a choice on the left side menu.)

  2. If a friend is posting suspicious messages to your wall, they may have malicious software on their computer, or may have clicked something bad themselves. Facebook Help says the best thing to do is tell your friend to contact Facebook Help.

  3. If YOU are the one posting the message, this Facebook Help post is for you: Wall posts were sent from my account, and I didn’t send them. It has helpful hints about anti-virus, not clicking on spam, and how to reset your password.

  4. Have up-to-date anti-virus software

  5. Keep an eye for messages that often feature misspellings, poor grammar and nonstandard English. If it doesn't look like a message your friend would type, REPORT IT! It may be related to malware or a malicious app that is using your friend's account!

  6. Do not open spam mails, including clicking links contained within those messages.

  7. Don’t copy and paste any scripts in your Facebook profile. Several scams have worked by encouraging you to paste something odd in your profile. Some of those scripts install apps, grant permissions, or make you do things you wouldn't want to do!

  8. If you’re using Chrome, make sure you don’t paste any scripts in your browser bar, as the browser tries to preload anything you type in the ‘awesome’ bar.

These are all pretty good hints.  Here are a couple more that I tell my friends:

  • Tell your friend that they have clicked on a malicious app.  They probably feel sheepish about it already but if they don’t know and you do, inform them.  That’s how they learn.

  • Advise them to run an antimalware scan on their computer.  If they don’t have one, they can get Microsoft Security Essentials for free.

  • I recommend that they change their Facebook password.  You never know these days if clicking the malware installed some sort of keystroke logger or similar for Facebook and captured it already.

Those are my hints.  Anyone have anything else?

  • To stop these scams cold, turn off JavaScript by default, and turn it on only for web sites you trust. This halts XSS scams like these in their tracks because they rely on running a script from another web site, not Facebook, to perform the work. Turning off JavaScript by default and clicking the little paper at the right edge of the URL box in Chrome to turn it on for Facebook means that no matter if you click a link, it won't run. More information and pics of the process for Chrome can be found at jdnash.com/.../how-to-crush-facebook-spam-scams.

    Hope this helps!

    --Kubulai

  • Great information for the general public.  But no one can super hero "I am GOD" Gary Warner on posting anything first.  He knows the entire universe of cyber defense and he is the only person on the planet to save us from cyber intruders.  Don't you see all the articles he writes that read "I did this, I know everything"?  He is my binary hero.  It's Gary's world, we're just a process and he is the kernel.  Gooooooo Gary!  Rah rah rah
