“Facebook porn” malware attack 2015: What did we learn?
This month scammers launched a successful malware campaign that infected thousands of computers via spammy Facebook pornography links leading to an age-old malware scam.
Perhaps the most frustrating aspect of this viral attack is that it managed to fool thousands of Facebook users with a scam that lacked any originality.
It is a typical “bait-and-switch” scam that uses enticing (for some people) Facebook links purporting to show pornographic videos that lead to malware-ridden websites. The only real difference here was the scam’s ability to tag Facebook users in the spammy links, which helped the scam propagate further and more quickly.
The scam would begin when the Facebook user noticed that they had been tagged in a post made by a friend. The link would – in this case – appear to lead to a pornographic website. This is the bait.
Clicking the link leads to an external webpage that appears to offer said video. Clicking Play doesn’t lead to the video playing, however. With these scams, it never does. In this case the user is told they need to download software from the Internet in the form of a video update/codec. This is malware. The switch.
(Learn more about video codec malware scams here.)
Downloading and installing the malware will in this case infect your computer as well as download other components that are capable of hijacking your Facebook account (similar to the Koobface threats of yesteryear).
That’s bad news because this means your account is going to be posting those same spammy links, and tagging your friends in them as well.
You can see that there are two different points at which the victim could choose to avoid the scam. They can choose to avoid it at the bait (i.e. don’t click on that spammy link) or they can avoid it at the switch (i.e. don’t get tricked into agreeing to install the software “update”).
If you fell for both then two things need to happen…
1. You need to teach yourself more about Internet security. Quickly. Because these scams ain’t new!
2. You need to run your antivirus software quickly. Hopefully, if it’s up-to-date, it may have blocked the malware from downloading. If not, you need to do a full system scan.
If you haven’t got up-to-date security software installed and want our recommendations for Internet security for 2015 then click here.
So how to avoid these scams in the future?
We wish we could offer some brand new advice that no one really knows about, but the reality is that the advice is the same as it always is in cases like this. Don’t go clicking on spammy links on Facebook and ESPECIALLY don’t agree to downloading “updates”, “plug-ins” or “video codecs” in order to watch a video. Because that is going to be malware nearly every time!