Hackers have discovered a way to automate the creation of fake Facebook pages to peddle fake antispyware, underlining once again the threats organizations face when they let employees use social networking sites, a security researcher warned.
Going in for a closer look, Thompson discovered that the same Facebook profile and picture kept popping up but with different profile information. Each profile page advertised that you could watch a video of the same cute 22-year-old girl whose profile it was supposed to be.
Once Thompson clicked on the link, he received what he expected: a box warning him that his computer may be infected with viruses and malware.
It's just one more way for hackers to perform the same old scam.
The cybercriminals then run a fake program telling the victim that their scanning software discovered multiple threats. They then ask victims to download the latest antispyware.
"If you do that step, then they really got you, because they have some software running on your computer," he said. From there on out, the malicious software will harass the victim to buy the software for about $60 with a credit card. If they give in and buy it, the cybercriminals will have their victim's credit card number.
"Once they've got your card number, who knows what they do with it," he said.
Thompson told Security Management that this ruse was the first time he had seen Facebook used to sell fake antispyware.
What's also interesting, he said, is that hackers must have found a way around Facebook's CAPTCHA, the blurry letters and numbers Web sites make you type in to ensure you're indeed a human user.
"A typical technique is to use an existing botnet to break them by showing the CAPTCHA to someone who's already botted and saying 'Windows needs you to type these letters in within 30 seconds, or Windows will shut down,'" he said. "The unsuspecting victim solves the CAPTCHA."
While Thompson said this scam only wanted to sell the fake antispyware, the technique is an easy way for hackers to get through company firewalls. Generally, companies believe their firewall or antivirus will protect them against the various threats stalking cyberspace.
"The truth is that when you're doing anything on Windows, you go straight through the corporate firewall," Thompson said. "When you start a Web browser, you start it from inside the firewall, so it's automatically trusted. It creates an instant tunnel through the firewall, and if you visit a Web site of hostile intent, the code can come straight back to that machine and have a chance at executing."
Unfortunately for companies, there is not a lot they can do to prevent such social-networking-based attacks.
"The best thing consumers can do is to develop a healthy sense of skepticism," he said.
Thompson regularly and half-jokingly tells his kids that, when they use social networking sites, they probably don't have a secret admirer.
Another way of putting it, he says, is this: "The pretty Russian girl that wants to be your friend, probably isn't."
Screenshot of fake Facebook page taken at AVG Blogs.
Photo of a Facebook CAPTCHA by frqdr/Flickr.