New Facebook Scam : WTF I can’t believe you’re … not too malicious seems like prank

actually this doesnt seem really as malicious as it could be. I dont see stealing any cookies.

It just posting to all your friends and when clicked it is forcing you to go to some site which is blocked as suspicious by my bluecoat proxy.

The script it asks to enter in URL links to http://banfish.info/config.js that sends facebook update (XMLHttpRequest()) to all your friends and adds a new script to current page

Message that goes to your friends

the script located as jclock.js (not available now) and locked.js redirects to
hxxp://gateway.wfnetwork.com/widget/contentBlocker.js.php?i=1321
which injects an iframe that asks for survey which goes to
hxxp://wfnetwork.go2cloud.org/aff_c?offer_id=42&aff_id=1321

Even when you click the video it goes to http://whos.amung.us/ which collects stats. May be attacker wants to see how many idiots clicks it.

Luckily my bluecoat proxy blocks it as Suspicious.

Need to check out what is that go2cloud.org

Overall, it seems to be like prank.

Advertisements

About wikihead

A security freak
This entry was posted in Uncategorized. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s