Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: InfoSec Handlers Diary Blog - Reports of another javascript-based spam scam doing the rounds in Facebook InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Reports of another javascript-based spam scam doing the rounds in Facebook

Published: 2011-05-12
Last Updated: 2011-05-12 08:38:17 UTC
by Chris Mohan (Version: 1)
2 comment(s)

We have received reports of another JavaScript-based spam scam doing the rounds in Facebook.

This one involves a friend's profile posting a link to your wall.

Should you click on the link in the friend's post , the JavaScript code send spam to your Friends list and so the snowball spam effect grows.

TrendMirco's malware blog had a good write up of the attack method here:

http://blog.trendmicro.com/dubious-javascript-code-found-in-facebook-application/

Sounds like introducing friends and family to NoScript Firefox extension [1] would be one way to avoid a large number of phone calls of "Help!" over the next few days.

Thanks to reader Roseman and others for writing in with details.

 [1] http://noscript.net/

 

Chris Mohan --- Internet Storm Center Handler on Duty

Keywords: Facebook
2 comment(s)
Diary Archives