Trend Micro reports Facebook attack tapping LinkedIn

According to Gerard Dillera, his research team recently discovered a Facebook attack that uses Linkedin as a redirector site.

"The attack begins with a wall post that bears the subject, "The Video That Just Ended Justin Bieber's Career For Good!" Clicking the URL in the image creates a similar wall post on affected users' accounts", he says in his analysis of the fraud campaign.

This strategy, he reports, is a new trend, as cybercriminals normally employ URL shorteners and Facebook fan pages to point users to malicious sites.

The use of a legitimate site, he says, definitely increases the possibility that users will dismiss any suspicions that the post might be a malicious threat.

Dillera goes on to say that, although Facebook prompts a warning about the possible malicious URL activity, the malicious URL can still be accessed via the site.

The Trend Micro analyst notes that the URL is not really under the LinkedIn domain but is rather a redirector to another site.

"We find it unusual that LinkedIn would allow this type of redirector script on its site without performing some sort of check. Clicking Continue leads users to http://{BLOCKED}, which shows a video player-like interface, the supposed video on which shows famous singer, Justin Bieber", he says.

"Clicking the Play button redirects the browser to http://{BLOCKED}, which displays a window that asks users to answer a survey before they can view the contents of the said Justin Bieber video", he adds.

It also, he notes, informs users that they can get a $1,000 Walmart gift card or a gift from Facebook if they answer the fake survey. The malicious script that performs the redirection is detected by Trend Micro as JS_FBJACK.D.

"After completing the survey, users will find that the said video doesn't exist", he says.

"Once again, the cybercriminals behind this attack benefit from those who paid to answer the online survey. In addition, this can also pave the way for malware infection and information theft," he adds.

Dillera concludes by saying that, as cybercriminals consistently find new ways to trick users into participating in their schemes, it is of utmost importance that users know about the nature of these threats as well as how they can protect themselves.


What’s Hot on Infosecurity Magazine?