Last week we wrote a blog about a Facebook scam that appeared to spread rather aggresively. We decided to nickname the scam "Jacked Frost." The Websense® ThreatSeeker® network detected that the scam has increased and multiplied over the weekend - particularly on Saturday where we saw the amount of unique URLs related to this scam double. This shows how cyber crooks time their attacks to times where users are more laid back and when the security community is less likely to alert users on this type of threat.
Here is the link to our blog that describes this in more detail. The scam spreads using click-jacking techniques and employs a mass number of varied scam hosts by using the infrastructure of the legitimate service at freedns.afraid.org.
Websense customers are protected against this threat with Websense ACE (Advanced Classification Engine).
A graph showing the volume of unique scam URLs vs. active URLs (available URLs) over the past few days:
Screenshot of the scam's main page:
How the scam looks like in Facebook's new feed. The scam uses varied sexual implied images and varied enticing wording to lure for user's clicks: