Facebook’s Faith: A New Scareware Attack

Thursday, October 01, 2009

Daniel Kennedy


On Thursday morning, AVG researcher Roger Thompson, after sourcing some spyware attacks to a series of Facebook profiles, noted that these few hundred profiles were showing up with the same profile image but different profile information. The home video link on these profiles, belonging to Faith / Emily / whoever, points to the a web site that displays scareware dialogs: netmedtest.com/index.php?affid=30500.

Clicking the video url opens up a browser dialog box suggesting the user has viruses on their PC, suggests a system’s check and opens up a scareware dialog. Scareware is software sold or downloaded via creating a perception on the part of the user of a usually non-existent threat to the user that is typically non-functional or malicious.

The URL itself is registered to accounts with temporary or throw away e-mail addresses, amusingly these services like spambob and mailinator that were intended to help uses avoid spam are used by bad actors as the registration and contact e-mails for registering malicious web site URL’s. The site netmedtest is hosted in Haifa, Israel.

Possibly Related Articles:
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.