Our Blog

"Lost Weight" Spam Campaign Spreading on Facebook and ibibo

Share

Thursday, Dec 15, 2011

Websense® ThreatSeeker® Network detects that a new spam campaign is spreading on Facebook and ibibo (a popular game site in India). The content of the spam messages is: "Lost30poundsinjust4weeks all thanks to hcg. Check it out: http://spam_url".

We have seen a number of similar spam campaigns on Facebook such as, "Sexiest Video Ever" on Facebook", "Osama bin Laden scams on Facebook", etc. But, unlike previous campaigns which took advantage of a hot topic to lure visitors to click the link in the spam post, here the attackers publish a comment in the name of the account owner: "Never thought losing weight could be so easy!!!". With this method, some of the account owner's friends can be tricked into clicking the spam link:

 

For the Facebook version of the attack, the attackers abused the blogspot.com service. Here are some of the URLs used for the attack:

http://learn-how-to-be-thinghhfwi.blogspot.com

http://learn-how-to-be-thing3lk8o.blogspot.com

http://find-out-how-to-be-thing5nuhl.blogspot.com

http://find-out-how-to-be-thingpmgbg.blogspot.com

http://learn-how-to-be-thingiihfz.blogspot.com

http://learn-how-to-be-thing4m4wr.blogspot.com

http://learn-how-to-be-thingrebrl.blogspot.com

http://learn-how-to-get-thingqvg34.blogspot.com

http://learn-how-to-be-thing0jk0h.blogspot.com

http://find-out-how-to-get-thingczign.blogspot.com

The spam link redirects victims to another spam site. At the moment, the spam site is unavailable, but the attackers can always update the sites with malicious content.

http://ad2ac.com/?s=15yy1

http://zcwqa2.com/?s=15yy2

The spam link used in Ibibo is new registered sites. Still unavailable now.

http://diet-news.m9q.report.qfz.htttp96.com/

http://diet-news.1tc.report.n8e.httpai.com/

http://diet-news.gxf.report.wxb.htttp92.com/

http://diet-news.ejp.report.3ok.http1m.com/

http://diet-news.z1o.report.yl9.httpv1.com/

http://diet-news.e86.report.i63.http1n.com/

http://diet-news.d8b.report.1b2.httpao.com/

http://diet-news.4rv.report.ezi.httpum.com/

http://diet-news.ice.report.75l.httpmn8.com/

http://diet-news.wja.report.95k.htttp45.com/

http://diet-news.aki.report.uks.httpy4.com/

http://diet-news.5fh.report.yeb.http1c.com/

http://diet-news.ly8.report.o4i.httpvv8.com/

Websense customers are protected from these threats by ACE, our Advanced Classification Engine.

About the Author