Over the weekend, two different malware attacks struck Facebook users, using fake jokes and malware-infected videos to assail victims.
Fake video links with titles like “distracting beach babes” were posted to Facebook pages and appeared to come from the target’s list of friends. The post included a thumbnail picture of a woman wearing a bikini, according to Sophos researchers.
The picture links to a page that attempts to install malware on the victim’s machine. If successfully installed, the malware repeats the attack against the newly infected user’s friends.
In another scam, a link is posted to a user’s Facebook page saying “try not to laugh” and linking to a site called fbhole.com. Currently, researchers with security research firm F-Secure believe that the worm merely posts to other individuals’ walls and does not appear to do anything else.
F-Secure researcher Mikko Hypponen called the number attached to the domain name and had the following conversation:
– Hi. This is Mikko Hypponen from F-Secure Labs.
– What is this about?
– I’m looking for a person related to ironbrain.net.
– We’re investigating a Facebook worm on fbhole.com. That domain shares an IP address with ironbrain.net which is registered under your name.
– And you are?
– I’m from an antivirus company. Are you related to ironbrain.net?
– I’ll have to check… maybe my company is…
– Please do.
About 15 seconds later, both fbhole.com and ironbrain.net went offline. The attack is over.