Malware claims to show naked videos of Facebook friends, infects computers: SSO Alert Priority Moderate
18 March 2014
Facebook users are being tricked into clicking a link claiming to show your friends’ ‘naked videos’ but clicking the link installs Trojan malware to your system.
Security software company Bitdefender, has warned that more than 2000 computers have already been infected by this malware.
The computers have mainly been identified in parts of Europe, such as Romania, the UK, Italy, France and Germany, but it warns that the malware can quickly spread to other parts of the world, including, of course, Australia.
If you are a Facebook user, you should be aware of this attack. The malicious link appears as an advertisement on your Facebook timeline showing one of your own friends’ photos and a variation of the message about viewing their naked video, such as ‘[user’s name] private video’, ‘[user’s name] naked video’, or even simply ‘XXX private video’.
If you click this link, you are sent to a realistic looking mock-up of a YouTube page where you are prompted to install (fake) Adobe Flash Player update in order to watch the video.
This attack is particularly dangerous as it tries to automatically install malware on your computer as soon as the mock-up YouTube page loads. Your anti-virus software should detect the malware and stop it from installing, but by asking you to click the link that claims to install the bogus Adobe Flash Player update, it has a second attempt at installing the malware.
To make the fake YouTube page seem credible it reminds you that the video is ‘age-restricted’ based on ‘Community Guidelines’, and features more than two million views.
Image credit: Bitdefender
Once installed, this malware will steal your Facebook pictures and post the same type of ad on your Facebook friends’ timelines, claiming to show naked videos of you. This way, the malware is able to spread and infect other computers.
Do not click these advertisements or links.
If in doubt, contact the friend that appears in the link and ask if he or she is aware of it.
If you are concerned you might have downloaded this malware, use your security software to run a scan of your computer. You may also choose to seek specific technical advice from your local support provider.
Thank you to those subscribers who have provided feedback to our Alerts and Newsletters. We are very interested in your feedback and where possible take on board your suggestions or requests.
This information has been prepared by Enex TestLab for the Department of Communications ('the Department'). It was accurate and up to date at the time of publishing.
This information is general information only and is intended for use by private individuals and small to medium sized businesses. If you are concerned about a specific cyber security issue you should seek professional advice.
The Commonwealth, Enex TestLab, and all other persons associated with this advisory accept no liability for any damage, loss or expense incurred as a result of the provision of this information, whether by way of negligence or otherwise.
Nothing in this information (including the listing of a person or organisation or links to other web sites) should be taken as an endorsement of a particular product or service.
Please note that third party views or recommendations included in this information do not reflect the views of the Commonwealth, or indicate its commitment to a particular course of action. The Commonwealth also cannot verify the accuracy of any third party material included in this information.