Reports of another JavaScript-based spam scam doing the rounds in Facebook

Published: 2011-05-12
Last Updated: 2011-05-12 08:38:17 UTC
by Chris Mohan (Version: 1)
2 comment(s)

We have received reports of another JavaScript-based spam scam doing the rounds in Facebook.

This one involves a friend's profile posting a link to your wall.

Should you click on the link in the friend's post, the JavaScript code sends spam to your Friends list, and so the snowball spam effect grows.

TrendMicro's malware blog had a good write-up of the attack method here:

http://blog.trendmicro.com/dubious-javascript-code-found-in-facebook-application/

Sounds like introducing friends and family to the NoScript Firefox extension [1] would be one way to avoid a large number of phone calls of "Help!" over the next few days.

Thanks to reader Roseman and others for writing in with details.

 [1] http://noscript.net/

 

Chris Mohan --- Internet Storm Center Handler on Duty

Keywords: Facebook

Comments

Sophos now has a write-up of the early part of this event (before it had mutated much):
http://nakedsecurity.sophos.com/2011/05/12/preventing-spam-scam-on-facebook-does-exactly-the-opposite/
The Sophos writeup says the JavaScript behind this is retrieved off an .info domain. What domain is it and has that domain been reported to malwaredomains.com?
