Wednesday, April 6, 2011

Facebook Scam Spreading Fast: ‘Hey, I just made a Photoshop of you, check it out’

By Cesar Ortiz
Multiple sources are reporting, especially in Europe, and picking up in the US, this new Facebook scam that is spreading via Facebook chat messages. This particular scam usually begins with a Facebook system generated chat message from a friend saying “hey I just made a photoshop of you, check it out: P:” to the left of the text there is a small blurred photo thumbmark.

Once a user clicks on the link, it is redirected via the site used in this campaign (hxxp:// to a Facebook application installation window. The window asks “Request for permission” and the name of your friend as a requestor. If the user clicks “Allow” the rogue malware is installed and immediately begins spamming your friends and family members.  After the application is installed, you are then shown a photo but it is not your photo. The photo shown in a nice frame is of a cute looking puppy dog and inside the frame are instructions that say: “CLICK ON THE PICTURE TO SEE YOURSELF IN A SEXY PHOTOSHOP”

While your attention is diverted to looking at the dog in the picture, a chat message like the one you received is being sent automatically by your installed rogue application to your friends and family. Clicking on the dog photograph takes you to a graphic design blog entry that contains 45 Strange and Funny Photoshop Manipulations – none of which feature a photograph of you. The application can be seen in your profile, if the link was sent to you, under or

This scam is spreading rapidly.  Possibly, because people stare too much at the dog picture. The “spread speed” was 88,000 clicks per hour on April 4, totaling 500,000 at that date. At this time it is unknown what the hacker is up to. The destination site results in no malicious infection and does not lead to a survey scam. 

Having access to a users’ Facebook Chat could allow the scam application to be used to send out other messages. To remove the application, Click the Privacy Settings page and click on "Edit Your Settings" under Apps and Websites. Locate the application (named "millium") in the "Apps You Use" section, and click on "Edit Settings" in order to remove the application. Users should report this event to Facebook as spam.

No comments: