
SANS ISC: Reports of another javascript-based spam scam doing the rounds in Facebook - SANS Internet Storm Center SANS ISC InfoSec Forums


Reports of another javascript-based spam scam doing the rounds in Facebook

We have received reports of another JavaScript-based spam scam doing the rounds in Facebook.

This one involves a friend's profile posting a link to your wall.

Should you click on the link in the friend's post, the JavaScript code sends spam to your Friends list, and so the snowball spam effect grows.

Trend Micro's malware blog had a good write-up of the attack method here:

http://blog.trendmicro.com/dubious-javascript-code-found-in-facebook-application/

Sounds like introducing friends and family to the NoScript Firefox extension [1] would be one way to avoid a large number of phone calls of "Help!" over the next few days.

Thanks to reader Roseman and others for writing in with details.

 [1] http://noscript.net/

 

Chris Mohan --- Internet Storm Center Handler on Duty

Sophos now has a write-up of the early part of this event (before it had mutated much):
http://nakedsecurity.sophos.com/2011/05/12/preventing-spam-scam-on-facebook-does-exactly-the-opposite/
Anonymous
The Sophos writeup says the javascript behind this is retrieved off an .info domain. What domain is it and has that domain been reported to malwaredomains.com?
John Hardin
