Facebook's 'Dislike Button' scam

Few days after Facebook CEO Mark Zuckerberg, on September 2015, in a Q&A session announced that the long awaited Facebook ‘Dislike Button’ will be implemented soon, scammers seized upon this opportunity in spreading phishing attacks and malware.

Soon after this, many users got the link inviting them to download the Facebook’s ‘ Dislike Button’, it says that it is "invite-only feature". One of the most popular dislike button scam is titled as “Get newly introduced Facebook dislike button on your profile". Once clicking on these links leads the victims to a malicious websites.

The ultimate goal of the scammer  is to encourage users to share the link on their Facebook page. Once it is  spread on Facebook, they asks you for your personal information and account credentials, or sometimes it  downloads the malicious software causing further damage to the computer.

Zuckerberg,  the co-founder and CEO said that, "We are working on it, and are very close to shipping a test of it."

Computer security expert Graham Cluley  showed this concern over this on his blog.  "Scams like this trick you into liking pages, and sharing the link with your friends, using the bait of something alluring...in some cases they will even lead you to pricey premium rate mobile phone subscriptions, online surveys that generate the scammers income, or trick you into downloading malicious code onto your PC."

And advised that, "Don't be duped. If you're a Facebook crack-addict then try to resist the urge of falling for the latest scam, and wait for Facebook to properly roll-out new features as and when they choose."

Fake Verification of Twitter account could lead to Phishing and Credit Card theft

The verification of somebody's account on Twitter is a pretty big deal as you as an user cannot do anything about it. It is only if you are recognizable by thousands of people that Twitter verifies your account.

The chance to get a verified account on Twitter can seem very tempting and that is how somebody operating Twitter account 'Verified6379' is scamming people into divulging their payment details.

The user which claims to be an 'Official Verification Page' of Twitter redirects you using a shortened Goo.gl URL and lands you on a page that looks like twitter.

The page then demands secure information like username, password, credit card numbers and others to verify your account.

The URL has seen over 18,000 hits over the last month.

Don’t click every link to read sensational stories on social networking site

Credits: Symantec

Sensational stories! Wow, the only one thing common which we all love. Especially on social medias, we do not think even hesitate before clicking any sites or email to read such stories.

However, researchers say that we need to be vigilant and skeptical when reading sensational stories on social media sites or in emails.

People should visit trusted news sources for information instead of clicking on random links online, go directly to your trusted news source because few days ago, a Brazilian singer and songwriter Cristiano Araújo lost his life in a car accident.

After his death, Symantec started to observe malicious spam email using the news as a lure. Some of the spam emails attempt to entice users into downloading video footage of the accident. If users click on the Google Drive URL found in the email, they will end up downloading malware. The malware is detected as "Download.Bancos", a well-known banking malware that has been plaguing South America for a while now.

Once the initial malware, a downloader, infects the computer, it will download Infostealer.

Security researchers from Symantec Security Response wrote in the blog that their telemetry on the malware distributed by this spam campaign shows it targeting users in Brazil and Venezuela.

“Symantec advises users to be cautious when it comes to emails crafted around popular news stories such as the one discussed in this blog as they may be malicious. This type of social engineering is not limited to email and users should also be careful on social media sites as similar tactics can also be used,” the researcher added.

The researchers strongly suggest that never install applications or do surveys in order to view gated content. It's a trick to put money in the pockets of scammers and anyone’s computer or device is at risk to malware.

“Report suspicious content. Do your part by reporting this type of content as spam,” the blog read.

Acai Berry Diet Facebook spam attack: Don't buy, don't try, don't reply, says expert

Most of the Facebook users would have noticed various websites promoting Acai Berry diet products. Sometimes, even our friends recommend Acai Berry advertisements on Facebook. However, think twice before you click on those links. If you do, you end on some diet supplement scam page.

In the Acai Berry scam, we can only see two successive postings on our Facebook Timeline without our permission. Like:

“Successfully results in this particular health solution.”

Then, here comes a follow-up post as if anyone has forgot

“The link, hehe.. http://goo.gl/xxxxxx.”

Paul Ducklin, a computer security expert, wrote on Naked Security's blog post “You'd be right to be suspicious, at least if you know your friend is competent in English, because some of the phrases stretch the limits of comprehensibility. However, we're guessing that there are two postings in order to add some kind of human-sounding realism.”

He added that it was understandable that automated bogus messages wouldn't forget the link in the first place. And secondly, humans would rush to correct their error with comments saying "hehe."

The expert said that short links like: goo.gl URLs have been used in the campaign and seem to have redirected to URLs.

For example: [hexdigits].my.test/[letters]/image_[hexdigits].jpeg

“If you click through to the buy page and check the very limited disclaimers and FAQs there, you'll find that the product only helps you to lose weight if you combine it with a diet specifically designed to make you lose weight. So, assuming that you spot the scam for what it is before you fill in your credit card number on the buy page, and bail out, you should be OK,” he added.

“Don't buy, don't try, don't reply,” he wrote.

He suggested that if anyone gets to know about he/she has been posting ‘out-of-character posts’ without his/her approval, please check the following:

•             Is your computer patched and up-to-date?
•             Is your anti-virus up-to-date and running properly?
•             Has someone else been logging into your accounts?
•             Did you use the same password on multiple sites?
•             Have you authorized any apps to access your social media accounts?   

Celine Dion's website becomes unusual spam launchpad, astonishes fans

Singer Celine Dion recently had her website showing something unusual. The Canadian vocalist’s website viewed a hockey related spam, surprising her fans all over the world.
(pc- malwarebytes.org)

Partial text below:
///Fox Tv//Czech Republic vs Austria Live Stream Hockey World Championship Online
Watch Czech Republic vs Austria Wild live lead series 2015, TODAY Watch Canadiens vs. Senators Live Online Video Streaming, NHL playoffs 2015: Time, TV schedule and how to watch Game 3 online, Watch Czech Republic vs Austria Wild Stream Stanley Cup Playoffs Live Free Sports Live Streaming - Channel 1.Watch Czech Republic vs Austria Wild Stream Stanley Cup Playoffs Live - Free Sports Live Streaming - Channel 1.You can follow Game 2 with CBC Ottawa as Dan Séguin and Stu Mills live-tweet from inside and outside the Bell Centre in Montreal.Ottawa Senators Curtis Lazar gets hilt by Montreal Canadiens Alexi Emelin during first period action at the Bell .... LIVE: Ottawa Senator

Official sites of celebrities as spam launchpads are somewhat unthinkable.  Posts of “online free video streaming” are usually posted on sites which offer free registration and nonexclusive posts. Dion, therefore, is definitely an exception.
(pc- malwarebytes.org)

The spam was seen on the celebrity’s photo gallery in her website. It is similar to the posts on the website ‘malwarebytes unpacked’ as it resembles the spam posts on steam (blogging domain like slideshare, twitter, soundcloud etc.).

The issue is however with a plugin allowing registered users in the site to upload fan photographs. The admins might have foreseen the spam images appearing with the clickable text. The visitors are then asked for personal information and payment details after clicking on the spam link.

Beware of emails with resume attachments as Phishers still use JavaScript attachments

Beware of emails with an attached resume from a job applicant because some of the hackers are still using old JavaScript attachments to deliver the CryptoWall which could leave people in great trouble.

In an article by Brian Bebeau posted on SpiderLabs Blog (Trustwave SEG Cloud), mentioned that recently, it was noticed that a spam run of emails which contained an attached resume from a job applicant. The attachment, with a file extension ‘.js’, was in plain-text and consisted of JavaScript.

After some days, the next spam was noticed which looked more serious and zipped the attachment. The hackers tried to give the attachment a MIME type of "image/png" in order to appear it as an image among the people.

If anyone retrieves the picture, it will turn out to be a Windows executable.

Bebeau wrote that after analysing the file, they came to know that this is a Cryptowall ransomware variant. So, if anyone opens the attachment to look a resume or picture, he/she could end up with his/her entire system in trouble.

He added that some group of spammers also uses JavaScript to hide their phishing attachments. Instead of a resume, they used that old standby, the common account phish.

Bebeau wrote that people can verify an email by looking at the header addresses, before opening the attachments.

Subject lines include:

- Un-authorized User
- Verification Required
- Must verify your account
- Validate account

He said that it is said that people’s account has been limited or disabled, and that to restore their account, they must follow some steps in the attachment.

Now, the attachment is an HTML file with a JavaScript section which instructs people to turn on JavaScript. If they view the attachment in a JavaScript-enabled browser, it creates a form which asks for their personal information.

The form asks for peoples’ social security number and their credit card number along with their name and address. And if anyone fills it and clicks submit button, his/her all data goes to a server in Russia.

According to Bebeau, if people can examine an attachment carefully, it can be a useful to pull JavaScript code for content blocking.

He wrote that, Trustwave SEG Cloud, blocked around 200 of these phishing messages within three days. People should not turn on JavaScript even if some email asks them to do so.