Facebook Scam Occurs Due to Exploitation of Exploit Kit - Symantec

Security experts of security firm Symantec observe that Facebook scams which were considered as a regular appearance on social networking website have now become increasingly aggressive because attackers are using these scams to exploit a user's system.

For example, the latest "EXPOSED - Mom Makes $8,000/Month from Home" scam, where victims are finally taken to a 3rd party web site that contains an iframe for Nuclear exploit kit.

Researchers of Symantec highlight that earlier the exploit kit, namely 'Nuclear' was known to exploit the Oracle Java SE Rhino Script Engine Remote Code Execution Vulnerability (CVE-2011-3544), Adobe Acrobat, the Oracle Java SE and Java for Business JRE Trusted Method Chaining Remote Code Execution Vulnerability (CVE-2010-0840) and Reader Remote Code Execution Vulnerability (CVE-2010-0188).

The present variant of the exploit kit (referring to Nuclear EK) abuses the Oracle Java SE Remote Code Execution Vulnerability (CVE-2012-1723) and the Microsoft IE (Internet Explorer) Use-After-Free Remote Code Execution Vulnerability (CVE-2013-2551).

Trojan.Ascesso.A is dropped by 'Nuclear exploit kit', after exploiting the vulnerability successfully and this Trojan can send spam emails and download additional files from a distant location.

The researchers noted that the attackers may tempt victims to share the following link or they may be automatically shared if the victim's computer is infected.

The scammer also earns money in the process if such scam asks the user to complete a survey before the user could see the offer.

Symantec observes that this particular scam has been removed by Facebook but this is just a small bump for the scammers and they will soon reappear with a new trick and therefore, users are requested to be careful while sharing following links with friends.

Symantec advises users to keep their security software updated on a regular basis to avoid scammers from exploiting any known flaws.

Finally, this scam looks quite familiar to an online scam intercepted by online security firm Bitdefender recently. In that scam Facebook urged its users not to click on a link which looked like a video of a woman undressing on a webcam because it could download a virus which could steal their personal data from their infected systems.

» SPAMfighter News - 7/31/2014