
When a user clicks on the links in the message, they are presented with a fake pop-up displaying how many friends are supposedly viewing the victim’s profile. Here is a screenshot:
Remember, this is a fake message, and each time it is accessed it simply generates a random number. This has nothing to do with actual users viewing your profile (something that Facebook does not share). The page also suggests that the user must copy and paste JavaScript into the address bar, which will of course execute the JavaScript in the context of the victim. This is similar to the earlier scam. Once the user runs that malicious code, they are presented with some fake messages requiring that they undertake surveys or view additional messages. Here are the screenshots:
As mentioned, the attack also sends chat messages to online friends in order to further spread the attack. Here is the screenshot of the associated source code:
The malicious code also forces the victim to become a fan of “OSAMA” Facebook pages. Here is the screenshot of that code:
Facebook is currently losing this cat and mouse game. As quickly as they take scams down, new ones appear and take their place, each time evolving the tactics slightly to evade detection. This is the second scam we uncovered in only a few hours. Facebook needs to do a better job protecting its users. Both of these scams use the same technique of social engineering users into pasting JavaScript into the URL bar – something that we’re seeing on a more regular basis and something that would never be required by a legitimate page. Nasty Scams!!!
Umesh
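Both scams depend on the victim pasting a `javascript:` URI into the URL bar, so a content filter can look for that scheme together with paste instructions. The following is an added example, not code from the scam pages or from Facebook; the function names, the lure phrase list and the sample messages in the tests are constructed for illustration.

```javascript
// Added example: flag posts that tell the reader to paste a javascript: URI
// into the address bar. The phrase list below is an assumption.

// Code points outside the Unicode range are dropped instead of throwing.
const fromCp = (n) => (n <= 0x10ffff ? String.fromCodePoint(n) : "");

// Undo simple obfuscation so "JaVa&#115;cript%3A" is seen as "javascript:".
function normalize(text) {
  return text
    .replace(/&#x([0-9a-f]+);?/gi, (_, h) => fromCp(parseInt(h, 16)))
    .replace(/&#(\d+);?/g, (_, d) => fromCp(parseInt(d, 10)))
    .replace(/%([0-9a-f]{2})/gi, (_, h) => String.fromCharCode(parseInt(h, 16)))
    .toLowerCase();
}

// Browsers ignore tabs and newlines inside a URL scheme, so allow them
// between the letters of "javascript" and before the colon.
const JS_SCHEME = new RegExp(
  "javascript".split("").join("[\\t\\r\\n]*") + "[\\t\\r\\n]*:"
);

// Wording that tells the reader to put something into the URL bar.
const PASTE_LURE = /(copy|paste)[^.]{0,80}(address|url|location)\s*bar/;

// Two independent signals: either one alone is only worth a review,
// because each also matches harmless text; both together are blocked.
function classifyMessage(text) {
  const norm = normalize(text);
  const hasJsUri = JS_SCHEME.test(norm);
  const hasPasteLure = PASTE_LURE.test(norm);
  let verdict = "allow";
  if (hasJsUri && hasPasteLure) verdict = "block";
  else if (hasJsUri || hasPasteLure) verdict = "review";
  return { hasJsUri, hasPasteLure, verdict };
}
```

A single signal is deliberately not enough to block: ordinary sentences such as "I love writing JavaScript: it is fun" also contain the scheme pattern.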



