BitDefender Released May 2010 E-Threat Report

Cyber-criminals in a new phishing attack are focusing on Facebook, the widely used social-networking website for enticing visitors to answer a questionnaire in exchange for an iPad that's free of cost. But, if the questionnaire is downloaded, an adware actually gets installed on the system that captures the user's credentials.

Says Communication Specialist Bogdan Botezatu at security firm BitDefender, the online crooks have hugely promoted the scam on a web-page for Facebook Events where approximately 2,500 people registered for the event's membership. But most likely the scam victimized those people, Botezatu adds, as per the news published by eSecurity Planet on June 4, 2010.

Reportedly the lure used in the scam is quite uncomplicated. A user is directed to log in so he can examine an iPad product and thereby get the device for free, but after filling up a survey on the item. Most interestingly, when the user reviews the item, it becomes his possession without any payment demand.

Phishers, in this attack, have hidden the scam with a tiny URL which connects with a phishing site initially asking the user to enter some very rational information like his e-mail address and first name. However, it gradually starts asking for more personal details like home address, full name and telephone numbers.

Continuing further, Botezatu states that the attackers, trying to give the scam a legitimate appearance, have used the emblems of reputed media outlets, albeit these institutions are completely clueless of the campaign, reported MALWARECITY on June 3, 2010.

The scam gets even more dangerous when following the data collection exercise, the attacker, in the pretext of a final review of security, demands the user to provide his Facebook account's username and password.

The damage is further maximized with the user, who immediately being phished off his account information is told that he must download an application that is an adware. This adware hacks into the top page of the browser and among others, substitutes the already provided search engine.

Says Botezatu that even as a user may follow all the scammers' instructions, an iPad will hardly ever reach him, nor will he ever again listen from the criminals.

Related article: BitDefender Releases March malware List

» SPAMfighter News - 6/15/2010