Reports of another javascript-based spam scam doing the rounds in Facebook

Published: 2011-05-12. Last Updated: 2011-05-12 08:38:17 UTC
by Chris Mohan (Version: 1)
2 comment(s)

We have received reports of another JavaScript-based spam scam doing the rounds in Facebook.

This one involves a friend's profile posting a link to your wall.

Should you click on the link in the friend's post , the JavaScript code send spam to your Friends list and so the snowball spam effect grows.

TrendMirco's malware blog had a good write up of the attack method here:

http://blog.trendmicro.com/dubious-javascript-code-found-in-facebook-application/

Sounds like introducing friends and family to NoScript Firefox extension [1] would be one way to avoid a large number of phone calls of "Help!" over the next few days.

Thanks to reader Roseman and others for writing in with details.

 [1] http://noscript.net/

 

Chris Mohan --- Internet Storm Center Handler on Duty

Keywords: Facebook
2 comment(s)

Comments

Sophos now has a write of the early part of this event (before it had mutated much):
http://nakedsecurity.sophos.com/2011/05/12/preventing-spam-scam-on-facebook-does-exactly-the-opposite/

roseman

May 12th 2011
1 decade ago

The Sophos writeup says the javascript behind this is retrieved off an .info domain. What domain is it and has that domain been reported to malwaredomains.com?

John Hardin

May 12th 2011
1 decade ago

Login here to join the discussion.


Top of page
Diary Archives