We’ve seen some messages being spread on Facebook in the last day or so, claiming to link to a video of Barack Obama. Most of them appear to have been cleaned up by now (presumably by Facebook Security) but there are still some remnants lying around.
Here’s a typical message:
hello have you seen this recent video on the president? What is he doing in it?! LOL
What's the president doing in this video. OMG LOL!
Some versions of the message give away that the link will ultimately take you to a website ending with .co.cc. Almost all of the links we see in SophosLabs which end with ".co.cc" contain "bad stuff". Perhaps it would be simplest if everyone simply avoided .co.cc links (and close cousins such as .cz.cc) as they are tainted by association.
And what sort of name is hzjqorbbmdnf anyway?
Regardless of the dodgy-looking nature of the link - what happens if you click on it?
Well, you will be redirected...
Read more in my article on the Naked Security website.