Updated Thousands of Facebook users are reporting that they have been hit by a malware attack posing as a video of young bikini-clad women on a beach.
The messages are posted on the walls of Facebook members, seemingly from their friends and associates on the site, with a thumbnail which appears to be an image of a young woman’s bottom in a bikini.
The messages read:
<name>, this is hilarious! lol :P :P :P Distracting Beach Babes [HQ] Length: 5:32
The “Distracting Beach Babes” scam appears to be the latest incarnation of the widespread “Sexiest Video Ever” assault we saw spreading on Facebook last weekend, installing adware onto victims’ computers which can make money for the hackers behind the attack.
Clicking on the “video” link takes you to a rogue Facebook application (a number of different application names have been used in this attack including BluRay, Avi Video, Video Wave and 3GP). If you agree to give it permission to run (in your feverish desire to watch the video) then it will display a bogus message advising that you need to update your FLV player, and direct you to download adware to your computer. Meanwhile, the application has just forwarded the video in your name to all of your Facebook pals.
And you shouldn’t be in any doubt as to how successful a scheme like this can be. Many Facebook users are all-too-comfortable with receiving salacious videos and humourous links from their friends, and will click on them without a moment’s thought. Unfortunately that can then begin a bombardment of malicious posts to their social networking contacts – do you really want a blitz like this unleashed in your name?
Fortunately, some Facebook users are using the medium to warn each other of the threat:
If you have been hit, you should delete the offending message from your page, scan your computer with an up-to-date anti-virus, change your passwords, review your Facebook application settings (to ensure you have blocked the rogue application).
Also, learn an important lesson: don’t be so quick to click on unsolicited links and approve unknown applications in the future.
Perhaps most importantly, tell your friends to also do the same.
Update: For two Saturdays running we’ve seen Facebook users hit en masse by rogue applications and adware downloads, disguised as sexy or funny videos. I’m beginning to wonder if the cybercriminals deliberately launch these campaigns on the weekends, imagining that anti-virus researchers and Facebook’s own security team might be snoozing.
And this got me thinking. Isn’t it time that Facebook set up an early warning system on their network, through which they can alert their almost 500 million users about breaking threats as they happen? Imagine just how many people could have been protected if a simple message had appeared on all users’ screens warning them of the outbreak.
If you’re regular user of Facebook, you can join the Sophos page on Facebook. We posted messages up there about this attack as it occurred, but we’ve obviously only got access to a tiny proportion of users compared to Facebook itself.
There is a Facebook Security page (with an impressive 1.8 million fans), but at the time of writing (Monday 24th May) there have still been no specific warnings have been posted about either the “distracting beach babes” attack or the “sexiest video ever” assault from 15th May.
Facebook needs to work harder both at preventing these kind of attacks from happening, and also better co-ordinating its response when an outbreak occurs. Unless something is done, I wouldn’t be surprised at all if there was another widespread attack this coming weekend impacting thousands of Facebook users.