Facebook “ The president is finally taking charge!! !" Scam Spreading Virally

By Cesar Ortiz

In this malicious attack, scammers are after your Facebook user name and your password. Since the scam is spreading at an alarming rate and thousands of Facebook users have fallen into the trap, the scammers will make thousands of US dollars by selling in bulk, the users name and passwords. The actual price for a single Facebook user name and password in the black market bids web pages fluctuates from $1.50 to $1.75.

The scam begins with a very “Facebook looking” message from one of your friends, already a victim of the attack. The message looks like a YouTube video of President Obama at a press conference. At the left of the message is a photo of the president framed by a YouTube interface with all the video controls showing. The text reads as follows:

“The president is finally taking charge!!

statistics.mit.edu (Link)

Is this is really for real?”

The image looks like a thumbnail but if a user clicks on it, the following events will happen behind the scenes; (please assume you are the victim) you are redirected, using a malicious script, to a real MIT webpage and immediately, automatically taken to a very, very,  professional looking, but phony, Facebook login page. This page is designed to steal your username and password from you. In the background, the malicious script is also sending the same message you received to all your friends therefore propagating the scam. Your user name and password are stolen from you the moment you click the blue "Login" button in the fake screen.

By the time you read this post, Facebook will have blocked the original scam addresses, but hackers quickly change to alternate sites to keep the scam alive as much as they can. Anti-virus and malware detection and cleaning software providers will come out with a detection and removal update. All this counter actions take about a week or more, enough for the criminals who run the scam to make money.

If you or a friend has been victimized with this scam, the following actions have to be taken. (1) Change the Facebook password immediately (2) Run a full scan, not a quick one, of your anti-virus or malware detection software (3) Notify the friend that sent you the scam (unwillingly) (4) Notify all your friends that you sent them the scam message unwillingly. Since we don’t have the hacker’s scripts, we don’t know what the script will do in your Facebook account. Look for changes in your contents, but most of all, run the anti-virus and malware detection tools in full mode to detect any malicious script injected in your computer and or Facebook page and change your password immediately.