Facebook Scammers Revive Technique of Employing JavaScript

With malevolent Facebook applications being already all-pervasive for deceptively posting content onto members' walls, there are more-and-more manual script assaults occurring, causing numerous users to get victimized everyday, thus published Help Net Security in news on May 6, 2011.

Earlier scammers used to apply the method of distributing fake software to proliferate their scams via social-networking websites. Prior to that, their tendency was for tricking users into replicating scripts onto the address bar of their Web-browsers for attaining the identical outcome.

But, with users getting used to overlooking a certain method of cyber-criminals, while Facebook is also getting increasingly better at detecting and preventing the fake software, the replication of scripts is coming back in vogue.

Using a socially-engineered message, the end-user is enticed for visiting a specially-crafted website. Meanwhile, nowadays the always preferred "See who viewed your profile" has greater utility for the criminals as users' bait; however, other baits are like promising non-chargeable credits to users for online games and so on. However, once lured, the user may land on a Facebook web-page, a page of the website's application alternatively, a distant website registered on a random domain. Thereafter, the visitor will be prompted for replicating certain plain appearing JavaScript onto the Web-browser and then hitting the OK button.

And lest the instructions don't appear lucid to the user, scammers add an animation file attachment depicting the entire procedure of how the user should execute the instructions. And when they're executed, another prompt tells him to complete a questionnaire for the results. Meanwhile, the malicious JavaScript carries out the tasks it's designed for.

Additionally, given the modifications from the attacker, a fresh lure will get posted onto the web-page of the user via the JavaScript, messages get dispatched to friends, user's name get tagged in post images alternatively chat messages, else an event too get created with invitations sent to all of the user's contacts, describes Symantec.

Nevertheless, this kind of problem occurs in other social-networking websites too besides Facebook. Efforts are on for eliminating them. Despite that users must remain watchful as also tread cautiously while browsing on social networks.

Related article: Facebook Users Should be Careful of a Computer Virus

» SPAMfighter News - 5/12/2011