Weekend Adware Scam Returns to Facebook

A spam campaign that pushes adware and tries to steal the login credentials of Facebook users has hit the social-networking website for the third weekend in a row. The ruse this week is an alleged recording of a "naughty camera prank" that claims to be the most hilarious video ever.

The attack comes in the form of a message containing a link to a phishing page sent by infected users to all of their friends. "[name] this is without a doubt the most hilarious video ever. LOL!" the message reads, while the link is entitled "Naughty Camera Prank! [HQ]."

Following the link is obviously not a good idea, as it will take users to a rogue site mimicking the Facebook login form. When this form is submitted, the page redirects back to an application page on the real Facebook site.

Allowing this rogue application to run will forward the spam message to all friends in your list and also offer an FLV player update. The alleged update is actually the installer for an adware application, which will bombard your desktop with all sorts of adds. At the moment, this executable, named FLVPro.exe, is detected by only 14 out of 40 antivirus engines on VirusTotal.

The attack follows scams from previous weekends, which used a similar ruse. However, security researchers from Websense point out that, unlike the past Distracting Beach Babes or the Sexiest Video Ever attacks, this one has the phishing component and behaves differently, depending on your IP's location. For example, UK users will be offered a ten-question quiz instead of the FLV player update.

"If you made the mistake of clicking on the video link please play safe by: warning your friends who you may have passed the message onto, scanning your computer with an up-to-date anti-virus, changing your Facebook password, checking your application settings and removing any apps you don't recognise," Graham Cluley, senior technology consultant at Sophos, advises.

You can follow this editor on Twitter @lconstantin