“Laura Frisian: the most beautiful ass in the world!” scam hits Facebook

Posted: 3rd January 2012 by infosecindia in News, Scam, Social Networks
Tags: , , , , , , , , , , , , , ,
1

A new scam has been reported on Facebook, wherein a video link titled, “Laura Frisian: the most beautiful ass in the world!” is floating around. According to a researcher at Kaspersky Labs, David Jacoby, the JavaScript behind the link is filled with obfuscated code and multiple domains. It seems that the server used in this scam is hosting about 300 pages similar to this one.

All of the pages look the same, but have many different videos, a few examples are:

  • If you like Nutella, never look this video!!!
  • Drill a tooth abscess! Disgusting :s
  • Compilation of Embarrassing and Busted! Photos, Awesome :D
  • Transgender 10-Year-Old, Boy Happier As A Girl !
  • A Really Giant Baby ! Amazing it looks so real :D
  • Air Race Plane Crashed in the crowd during a show !
  • The worst thing that can happen to a girl!
  • A fisherman catches a couple when they make … :D

If you click on the link to the video you will end up on a splash page, on this page you will be exposed to a clickjacking/likejacking attempt. This means that if you try to watch the video, or any other video on the page it will automatically post things on your Facebook wall. This require that you are logged in to Facebook or have been logged in and your cookie is still active. There are two different splash pages, one if you are logged in to Facebook, and one of you are not. Please see screenshots below:

If you are not logged in to Facebook


If you are logged in to Facebook

The full landing page looks like this:

“The JavaScript code is obfuscated and packed, this makes the entire debugging more difficult, but during the research I have identified several domains connected to this scam. It also seems that they use redirectors to prevent URL/Domain blacklisting, and there are also several different scams on each server,”  Jacoby explained.

It seems that the purpose of this scam is to expose you to ads, and also automatically get you to like certain ads. This will generate both traffic and money for the guys behind this.

If you see this on Facebook, please report it as spam, this will allow the Facebook Security Team to deal with this much faster.

 

  1. Benjamin says:
    January 6, 2012 at 6:32 am

    Achter deze link zit een virus

    Reply


7 × one =