Crooks deliver malware that gathers details about the computer

Aug 18, 2014 08:06 GMT  ·  By

A new scam has been spotted on Facebook, offering as bait the fake news that a girl has been killed by her husband because she kissed another man.

The post, coming from a friend, appears to provide gruesome footage of the act, which is meant to incite the user to click on the bad link leading to a page outside the Facebook ecosystem.

To quash any suspicion, the malicious website is very similar to a Facebook page and even provides a comments section (describing the video as shocking) along with statistics showing the popularity of the video among the users of the social networking website.

This type of deceit is often carried out by cybercriminals, but a closer look should reveal the sham as in most cases the comments section is just an image and cannot be accessed, and the statistics view simply makes available pictures with a limited amount of random numbers.

According to Graham Cluley’s blog post, a woman’s scream can be heard on the webpage containing the fake information. This is also an attempt to entice users to click on the bait.

As explained in the fake comments, users have to click on the “play” button and then share the video in order to be able to view it.

Sharing is necessary for ensuring the longevity of the scam and that more potential victims are exposed to it.

Researchers at Bitdefender warn that thousands of individuals appear to have already shared the “video,” although these figures may also have been spoofed to increase credibility.

They also say that the scam is not contained to Facebook but is present on fraudulent blogs and other websites, which may be how it reached the social network in the first place: a user lands on the scammy online location and shares the video with their friends in an attempt to watch it.

It appears that the end goal in this case is to have the victim install malware disguised as a plug-in that ensures playing of the footage.

Virus researcher Stefan Hanu from Bitdefender says that the malware can send details about the computer (non-personally identifiable) to a remote server:

“It can also communicate with a server and receive dynamic rules that can check, for example, if a certain application or antivirus is installed. Based on all these computer and user details, scammers may serve other links and payloads, targeting users with more efficient baits, in their own language. When it comes to adware, this is a recurrent and quite mediocre technique they use to increase illicit gains depending on the trend and statistics.”

Events that capture the curiosity are most of the times negative ones, and cybercriminals know this all too well as they have been scamming users this way for a long time. Last week they played another dirty trick on Facebook users, distributing the fake news that actor Robin Williams recorded a goodbye video message before committing suicide.

In fact, multiple groups of crooks hurried to take advantage of the tragedy as several malicious campaigns were running at the same time.

They tried to deceive users to land on specific websites offering to complete online surveys that would often ask for the phone number and would subscribe the unsuspecting user to premium-rate services; in other cases users would be served malware posing as software updates.

Photo Gallery (2 Images)

Fake page claiming to play the gruesome video
Sharing the fake video is required
Open gallery