PALO ALTO, Calif.—Beware, Facebook friends of friends, there is a scam afoot, and a nefarious one to boot. Brought into the light Monday, courtesy of Sophos, it involves an innocuous-looking message link placed on people’s walls, supposedly by friends.
“The messages read:
“<name>, this is without doubt the sexiest video ever! :P :P :P
“accompanied by what appears to be a video with the title ‘Candid Camera Prank [HQ]’. The message has what appears to be a movie thumbnail of a woman on a bicycle wearing a short skirt, and the video's length is given as 3:17,” reported Graham Cluley for Sophos.
If you click on the thumbnail, however, “you don't view a video at all, but are instead taken to a Facebook application. When I tried for myself the application failed to run (maybe Facebook has already taken action?), but according to reports from users it told them that their video player was out-of-date and urged them to download a file.”
The file is actually an adware program that relies on stealth rather than honesty to have its way with Facebook folk. Worse, “Users then report that the same video was posted (using their avatar and name as though they had posted the message) to their Facebook friends and acquaintances, thus spreading even more quickly.”
It looks as if the ruse was interrupted before too many computers were affected, but the damage in terms of trust may be longer-lasting. That may or may not be a bad thing.
Patrick from Websense Security Labs actually put together a two-minute video that walks people through the con, available for viewing on Sophos.