Monday, April 11, 2011

Facebook “Play Twilight Breaking Dawn. Be The First to Play” Scam

By Cesar Ortiz
Multiple sources are reporting this survey click jacking malware spreading fast over the Web. In this scam, users receive a message from friends saying John Doe (replace with one of your friends) likes this link. The complete scam text is; “Play Twilight: Breaking Dawn Be the first of your friends to play the awesome new Twilight game on Facebook!” Users are taken to a Facebook page which to all intents and purposes appears to be promoting an online game, being used to market Twilight Breaking Dawn with an official photo, logo and typeface and a “Play Now” link embedded in the photo.

If you click on the button marked "Play Now" you will be click jacked by the malicious malware into saying you "Like" the link, thus spreading the link virally to your Facebook friends. The “Play Now” button has a hidden element script. The harm done so far is that you are spreading the scam to your friends, but, in order for the hacker to make money he needs users to do more. When you click “Play Now”, you are then presented with a “Request for permission” for a third party application to access your Facebook account, and post messages, updates and photos to their wall.

As soon as permission is granted, the hacker now has the ability to now post to your Facebook account. The scammers now present the final piece of the plot: an online survey which earns them affiliate commission for each person who completes the questionnaire and, worse, use what ever other more serious malicious tools they may have in their arsenal. To remove this hack, users will have to do two things (1) Remove the subject messages by clicking on the small “x” to the right of the message, this stops spreading the scam to your friends and (2) remove any related application in the “Profile Information”, “Privacy settings”,  “Application websites” such as “Play Breaking Dawn”.

No comments: