Facebook seems unable to stop scammers from circulating malicious Web links that install fake antivirus software on victims’ computers.
The scam was spotted Tuesday by antivirus vendor Sophos. At that time the criminals behind it were luring victims into installing the software by offering links purportedly to a video of disgraced former International Monetary Fund Managing Director Dominique Strauss-Kahn and a hotel maid. On Wednesday the scam switched and the link was supposed to be an X-rated video of celebrities Rihanna and Hayden Panettiere.
In both cases there is no such video. People who click on the link are sent to a website that tries to install the fake antivirus software. The scam is slightly different, depending on whether the victim is using a Mac or a PC. On the PC, the site tells victims that they need to install the latest version of Adobe Flash Player to watch the video. But the software they install is actually the fake antivirus program.
On the Mac, there’s a pop-up window that looks like a security warning. When victims click to “fix” the security problems, they end up installing the fake software.
Once installed, the software pops up scary warning messages and takes the victim to a pornographic website every five minutes until the victim pays for a software license — usually a US$60 to $80 charge. The software also posts the video links to the victim’s wall in an attempt to lure new victims. Paying the money for the fake antivirus product apparently puts the software into a dormant state where it doesn’t cause any more damage, said Chet Wisniewski, a researcher with antivirus vendor Sophos.
On Tuesday, the website used by the scammers was newtubes.in, but on Wednesday they switched to shockings.in.
Sean Sullivan, a security adviser with F-Secure Labs, said he isn’t sure why Facebook isn’t simply blocking posts that contain the malicious links. It “seems as if it would be easy,” but attackers could be using tricks to evade Facebook’s scam filtering systems, he said.
Read more: ComputerWorld