Hippo-vomiting Anaconda scam targets Facebook users

Sophos is warning Facebook users about a virally spreading survey scam. The attack involves a rogue application that automatically posts status updates and wall posts on affected user profiles with the following message:

“OMG, this is the biggest and scariest snake I have ever seen, check out this video [LINK REMOVED]”

The link takes users to a rogue Facebook application which tricks them into granting permission for the app to access their profile, list of friends and to be allowed to re-post the offending message as a status update and wall post.

Once a user has granted access to the application, they are then directed to complete online surveys with the promise that only then can they see a video entitled “Anaconda Coughs Up An Entire Hippo!”

“This is one of the most bizarre scams we have ever seen on Facebook, but its purpose remains familiar – the rogue application sends spam to draw Facebook users into taking these surveys,” said Graham Cluley, senior technology consultant at Sophos. “Each time a victim completes a survey, the scammers make some commission. Even if you don’t take the survey, the rogue application has already abused your Facebook account – changing your status message and spreading an advert for the alleged ‘shocking video’ to your news feed, spreading the scam even further.”