December 10, 2012

'Jacked Frost' Facebook Scam Goes Wild and Doubles Over the Weekend

Elad Sharf Security Researcher

Last week we wrote a blog about a Facebook scam that appeared to spread rather aggresively. We decided to nickname the scam "Jacked Frost." The Websense® ThreatSeeker® network detected that the scam has increased and multiplied over the weekend - particularly on Saturday where we saw the amount of unique URLs related to this scam double. This shows how cyber crooks time their attacks to times where users are more laid back and when the security community is less likely to alert users on this type of threat.

Here is the link to our blog that describes this in more detail. The scam spreads using clickjacking techniques and employs a mass number of varied scam hosts by using the infrastructure of the legitimate service at freedns.afraid.org.

 Websense customers are protected against this threat with Websense ACE (Advanced Classification Engine). 

A graph showing the volume of unique scam URLs vs. active URLs (available URLs) over the past few days: 


Screenshot of the scam's main page: 


How the scam looks like in Facebook's new feed. The scam uses varied sexual implied images and varied enticing wording to lure for user's clicks:


About Forcepoint

Forcepoint is the leading user and data protection cybersecurity company, entrusted to safeguard organizations while driving digital transformation and growth. Our solutions adapt in real-time to how people interact with data, providing secure access while enabling employees to create value.