Websense Security Labs Blog

Websense Security Labs discovers, investigates and reports on advanced Internet threats that traditional security
research methods miss.

"Lost Weight" Spam Campaign Spreading on Facebook and ibibo

View all posts > 

"Lost Weight" Spam Campaign Spreading on Facebook and ibibo

Posted: 15 Dec 2011 11:20 PM | uwang | no comments


Websense® ThreatSeeker® Network detects that a new spam campaign is spreading on Facebook and ibibo (a popular game site in India). The content of the spam messages is: "Lost 30 pounds in just 4 weeks all thanks to hcg. Check it out: http://spam_url".

We have seen a number of similar spam campaigns on Facebook such as, "Sexiest Video Ever" on Facebook", "Osama bin Laden scams on Facebook", etc. But, unlike previous campaigns which took advantage of a hot topic to lure visitors to click the link in the spam post, here the attackers publish a comment in the name of the account owner: "Never thought losing weight could be so easy!!!". With this method, some of the account owner's friends can be tricked into clicking the spam link:

 

For the Facebook version of the attack, the attackers abused the blogspot.com service. Here are some of the URLs used for the attack:

http://learn-how-to-be-thinghhfwi.blogspot.com

http://learn-how-to-be-thing3lk8o.blogspot.com

http://find-out-how-to-be-thing5nuhl.blogspot.com

http://find-out-how-to-be-thingpmgbg.blogspot.com

http://learn-how-to-be-thingiihfz.blogspot.com

http://learn-how-to-be-thing4m4wr.blogspot.com

http://learn-how-to-be-thingrebrl.blogspot.com

http://learn-how-to-get-thingqvg34.blogspot.com

http://learn-how-to-be-thing0jk0h.blogspot.com

http://find-out-how-to-get-thingczign.blogspot.com

The spam link redirects victims to another spam site. At the moment, the spam site is unavailable, but the attackers can always update the sites with malicious content.

http://ad2ac.com/?s=15yy1

http://zcwqa2.com/?s=15yy2

The spam link used in Ibibo is new registered sites. Still unavailable now.

http://diet-news.m9q.report.qfz.htttp96.com/

http://diet-news.1tc.report.n8e.httpai.com/

http://diet-news.gxf.report.wxb.htttp92.com/

http://diet-news.ejp.report.3ok.http1m.com/

http://diet-news.z1o.report.yl9.httpv1.com/

http://diet-news.e86.report.i63.http1n.com/

http://diet-news.d8b.report.1b2.httpao.com/

http://diet-news.4rv.report.ezi.httpum.com/

http://diet-news.ice.report.75l.httpmn8.com/

http://diet-news.wja.report.95k.htttp45.com/

http://diet-news.aki.report.uks.httpy4.com/

http://diet-news.5fh.report.yeb.http1c.com/

http://diet-news.ly8.report.o4i.httpvv8.com/

Websense customers are protected from these threats by ACE, our Advanced Classification Engine.


Filed under: , ,

Leave a Comment

(required)  

Email address: (required)