Facebook’s hot body dance videos and malware

Another interesting post on Sophos’ Graham Cluley’s blog.

Maybe when you received the email you didn’t think it was suspicious, or even if you did maybe you thought it was worth the risk.

Subject: Facebook message: Cute Girl Top Model Dancing
Message body: News from Facebook – Facebook Hot Body Dance Video Competition! Today: “Girls in beautiful black underwear dancing in the pub, showing off perfect bodies. Unbelievable Final!”

Of course, the spammed-out emails aren’t really from Facebook – and if you look carefully at the URL you are about to click on you would realise that it was taking you to a third-party website instead of the social networking site.

But I suspect that there’s a good proportion of people who would click on the link, and this is what they would see.

Well, that’s not quite what you see. I’ve edited the image a little in case anyone is feeling a little bit squeamish.

The website is pretending to be Facebook and it shows a preview frame from a sexy dance video. If the tease piques your interest then all it says you need to do is download an “updated” version of Adobe Flash to view the movie.

Those with an interest in IT security know by now that they should only ever download a new version of Adobe Flash from Adobe’s own website, but there are plenty of people out there who don’t know that that’s the sensible thing to do.

And that’s who these hackers are preying upon. People who don’t realise that a quick thrill might result in a longterm loss of their identity, data or the contents of their bank account.

Article by: Graham Cluley, Sophos.