You are here

Home:Blogs:"Lost Weight" Spam Campaign Spreading on Facebook and ibibo
X-Labs
December 15, 2011

"Lost Weight" Spam Campaign Spreading on Facebook and ibibo

Ulysses Wang
Social Media Web Security

Websense® ThreatSeeker® Network detects that a new spam campaign is spreading on Facebook and ibibo (a popular game site in India). The content of the spam messages is: "Lost30poundsinjust4weeks all thanks to hcg. Check it out: http://spam_url".

We have seen a number of similar spam campaigns on Facebook such as, "Sexiest Video Ever" on Facebook", "Osama bin Laden scams on Facebook", etc. But, unlike previous campaigns which took advantage of a hot topic to lure visitors to click the link in the spam post, here the attackers publish a comment in the name of the account owner: "Never thought losing weight could be so easy!!!". With this method, some of the account owner's friends can be tricked into clicking the spam link:

 

For the Facebook version of the attack, the attackers abused the blogspot.com service. Here are some of the URLs used for the attack:

http://learn-how-to-be-thinghhfwi.blogspot.com

http://learn-how-to-be-thing3lk8o.blogspot.com

http://find-out-how-to-be-thing5nuhl.blogspot.com

http://find-out-how-to-be-thingpmgbg.blogspot.com

http://learn-how-to-be-thingiihfz.blogspot.com

http://learn-how-to-be-thing4m4wr.blogspot.com

http://learn-how-to-be-thingrebrl.blogspot.com

http://learn-how-to-get-thingqvg34.blogspot.com

http://learn-how-to-be-thing0jk0h.blogspot.com

http://find-out-how-to-get-thingczign.blogspot.com

The spam link redirects victims to another spam site. At the moment, the spam site is unavailable, but the attackers can always update the sites with malicious content.

http://ad2ac.com/?s=15yy1

http://zcwqa2.com/?s=15yy2

The spam link used in Ibibo is new registered sites. Still unavailable now.

http://diet-news.m9q.report.qfz.htttp96.com/

http://diet-news.1tc.report.n8e.httpai.com/

http://diet-news.gxf.report.wxb.htttp92.com/

http://diet-news.ejp.report.3ok.http1m.com/

http://diet-news.z1o.report.yl9.httpv1.com/

http://diet-news.e86.report.i63.http1n.com/

http://diet-news.d8b.report.1b2.httpao.com/

http://diet-news.4rv.report.ezi.httpum.com/

http://diet-news.ice.report.75l.httpmn8.com/

http://diet-news.wja.report.95k.htttp45.com/

http://diet-news.aki.report.uks.httpy4.com/

http://diet-news.5fh.report.yeb.http1c.com/

http://diet-news.ly8.report.o4i.httpvv8.com/

Websense customers are protected from these threats by ACE, our Advanced Classification Engine.

UW

Ulysses Wang

Read more articles by Ulysses Wang

About Forcepoint

Forcepoint is the leading user and data protection cybersecurity company, entrusted to safeguard organizations while driving digital transformation and growth. Our solutions adapt in real-time to how people interact with data, providing secure access while enabling employees to create value.
Learn more about Forcepoint