Scam Signature Message:
[Full Facebook Name] is in the leading role. Shoking performance!
Scam Type: Malware
Trending: July 2011
Why it’s a Scam:
BitDefender discovered a new social engineering attack on Facebook this week. Facebook users are tricked into believing a YouTube video of them has been posted online. The ruse is particularly convincing because the victim’s correct Facebook profile name is used, and it also appears that some of their friends have commented on the video.
When the user clicks on the video link they receive a notification that they need to update their flash player. There is no update at all, instead the downloaded file is a trojan known as Trojan.FakeAV.LVT. This sophisticated trojan contains fake anti-virus software with a malware downloader and botnet attributes. This allows the continued spread of the malware.
After the file is downloaded, the user is prompted to reboot their system. When the system restarts, the current anti-virus is uninstalled and is replaced by the fake anti-virus program.
Catalin Cosoi, BitDefender’s lead antimalware researcher stated “Trojan.FakeAV.LVT takes social engineering to a whole new level by presenting the user with extremely convincing scenarios at each stage of the process. The video looks and feels real as it contains your name in the title, as well as comments from your Facebook friends. Meanwhile, fake antivirus solutions used to be easy to spot, as they’re often completely different to the one that you have installed onto your system. However, Trojan.FakeAV.LVT is deceptively clever as it is capable of replicating almost any antivirus or online security software on the market today.”
As precautionary measures, only update Flash from Adobe’s website, and it would be better to go directly to YouTube and search for a potential video you appear in. Don’t click on notification links, messages or Facebook comments advising you of the video.
How to Deal with the Scam:
If you did install the malware, then you need to shut down your system and boot from an anti-virus recovery cd or other bootable media. Most anti-virus software packages allow you to create a bootable disk just in case your system is ever compromised or rendered useless by a malware attack.
If you or your Facebook friends are falling for tricks like this, it’s time to get yourself informed of the latest threats. Be sure to join the Facecrooks page on Facebook to be kept informed of the latest security issues. Also check out:
We also recommend that you install Safego by BitDefender. It is a Facebook application that will scan your News Feed and help keep you safe from scams like this.