NEWS: False codec scam hits Facebook users
Sophos is reporting a new false codec scam aimed at Facebook users. Malicious posts, apparently from ‘friends’, state:
<name>, this is without doubt the sexiest video ever! 😛 😛 😛
Candid Camera Prank [HQ] Length: 3:17
This is accompanied by a thumbnail involving a young lady, an exercise bike and a very short skirt. But clicking the link invokes the false codec scam: ‘sorry, you ain’t got the right video player installed, click here’.
You may want to watch a sexy video, but you’re more likely to end up being plagued by pop-up advertising. Not only is adware being installed on your computer, but the rogue Facebook application is posting the same message to all of your friends’ accounts. It’s no surprise that your friends might click to watch the movie when it looks to all intents and purposes that you are the person who has sent it to them.
If you fell victim to this attack, scan your computer with up-to-date anti-virus software, change your passwords, and review your Facebook application settings and remove whatever application was installed during this attack. 70% more Facebook users are reporting being attacked by malware via the site in the last year, and the problem only seems to be getting worse. Social networking users need to learn not to fall for simple but effective social engineering tricks like this in future.
Graham Cluley, senior technology consultant, Sophos