You are currently browsing the tag archive for the ‘Facebook’ tag.
We are continuing with our weekly “Top 10” lists of the most dangerous and spamiest Facebook Pages. If you would like to read how we come up with the lists, check out our initial post here but here is how we define each category…
Most Dangerous Category: This category could be a post or comment containing a dangerous link. These links can lead to malware, phishing, or suspicious/dangerous Facebook applications that gather personal information and use people’s accounts for spam.
Spamiest Category: The spam noted could be Wall spam or comment spam. All the spam messages included in the tally contain at least one URL and have been posted multiple times across different pages and post comments.
Here are this week’s Top 10 lists:
Most Dangerous
Rank | Last Week’s Ranking | Facebook Page | Threat Count | Last Week’s Threat Count |
1 | 5 | Minecraft | 1053 | 180 |
2 | 1 | Machinima.com | 735 | 663 |
3 | 6 | EL SECRETO DE LOS SIMPSONS | 211 | 165 |
4 | 4 | Farmville | 181 | 189 |
5 | 3 | Xbox Daily News | 102 | 239 |
6 | — | Keri Hilson | 90 | — |
7 | 10 | FrontierVille | 90 | 97 |
8 | 20 | Don Omar | 88 | 37 |
9 | 12 | The Game | 86 | 78 |
10 | 25 | The Ellen DeGeneres Show | 64 | 29 |
Spamiest
Rank | Last Week’s Ranking | Facebook Page | Threat Count | Last Week’s Spam Count |
1 | 3 | FC Barcelona | 1353 | 890 |
2 | 4 | Cristiano Ronaldo | 1038 | 878 |
3 | 2 | Ninja Saga | 1003 | 963 |
4 | 47 | Shakira | 886 | 118 |
5 | 5 | Justin Beiber | 845 | 661 |
6 | 6 | Michael Jackson | 816 | 640 |
7 | 16 | Lil Wayne | 677 | 342 |
8 | 11 | Hotel City | 608 | 443 |
9 | 9 | Avril Lavigne | 561 | 485 |
10 | 24 | YO SOY DE VENEZUELA | 554 | 204 |
A few notes about this week’s list:
The targeting of pages using human spam continues this week. Overall, every week the same pages are repeatedly earning a spot on the lists. As usual, stay vigilant of any comment and links on all Facebook Pages.
A popular and heavily pushed scam this week focuses on using people to propagate the spam. The tactic results from scammers trying to get around the normal spam blockers. What better way to spread spam than using human subjects?
The bait is usually some free in-game cash or some other unfair advantage in popular Facebook games. We have seen many examples of these promises across the social games.
Here is one promising “Free Farmville Cash”:
The way the scam works is they promise to deliver something that they obviously cannot. In exchange, they claim, all you need to do is: 1. like their page, 2. share it, and 3. spam some message (almost always with a link back to the site) to some arbitrary amount of pages.
Like this:
Of course the end result of all this is you don’t get what was promised, and the spammer now has you broadcasting his garbage everywhere.
Here are some more examples:
This one targets Minecraft:
Keep in mind that there are a great deal more of these out there using all sorts of bait. The base scam is the same though, trying to get regular Facebook users to do the spamming for them.
We are continuing with our weekly “Top 10” lists of the most dangerous and spamiest Facebook Pages. If you would like to read how we come up with the lists, check out our initial post here but here is how we define each category…
Most Dangerous Category: This category could be a post or comment containing a dangerous link. These links can lead to malware, phishing, or suspicious/dangerous Facebook applications that gather personal information and use people’s accounts for spam.
Spamiest Category: The spam noted could be Wall spam or comment spam. All the spam messages included in the tally contain at least one URL and have been posted multiple times across different pages and post comments.
Here are this week’s Top 10 lists:
Most Dangerous
Rank | Last Week’s Ranking | Facebook Page | Threat Count | Last Week’s Threat Count |
1 | 3 | Machinima.com | 663 | 296 |
2 | 47 | Ninja Saja | 305 | 32 |
3 | 4 | Xbox Daily News | 239 | 230 |
4 | 5 | Farmville | 189 | 208 |
5 | — | Minecraft | 180 | — |
6 | 2 | EL SECRETO DE LOS SIMPSONS | 165 | 493 |
7 | — | Xbox UK | 141 | — |
8 | — | Madden NFL Superstars | 122 | — |
9 | 68 | Galatasaray ASiKlarl | 110 | 25 |
10 | 30 | FrontierVille | 97 | 41 |
Spamiest
Rank | Last Week’s Ranking | Facebook Page | Threat Count | Last Week’s Spam Count |
1 | — | MYX Philippines | 1246 | — |
2 | 5 | Ninja Saga | 963 | 1018 |
3 | — | FC Barcelona | 890 | — |
4 | 8 | Cristiano Ronaldo | 878 | 783 |
5 | 19 | Justin Beiber | 661 | 542 |
6 | 13 | Michael Jackson | 640 | 687 |
7 | 16 | BRAAAINS | 595 | 559 |
8 | 28 | Country Story | 594 | 342 |
9 | — | Avril Lavigne | 485 | — |
10 | 39 | ME GUSTA LA CERVEZA | 455 | 269 |
A few notes about this week’s list:
Looking at the Dangerous list, we are seeing a lot of video game related scams. Those specific scams focus on offerings of free points or game cash. As every week, we see a few social games (those played through the Facebook platform) on the list.
The Spamiest list contains a hodge podge of pages from sports to musical artists to social games. Remember the spam usually appears on wall comments.
We are continuing with our weekly “Top 10” lists of the most dangerous and spamiest Facebook Pages. If you would like to read how we come up with the lists, check out our initial post here but here is how we define each category…
Most Dangerous Category: This category could be a post or comment containing a dangerous link. These links can lead to malware, phishing, or suspicious/dangerous Facebook applications that gather personal information and use people’s accounts for spam.
Spamiest Category: The spam noted could be Wall spam or comment spam. All the spam messages included in the tally contain at least one URL and have been posted multiple times across different pages and post comments.
Here is this week’s Top 10 lists.
Most Dangerous
Rank | Last Week’s Ranking | Facebook Page | Threat Count | Last Week’s Threat Count |
1 | 1 | Justin Beiber | 2580 | 1808 |
2 | 10 | Machinima.com | 470 | 214 |
3 | 3 | Texas Hold’em Poker | 401 | 325 |
4 | 6 | YoVille | 395 | 258 |
5 | 8 | EL SECRETO DE LOS SIMPSONS | 361 | 216 |
6 | 54 | South Park | 227 | 56 |
7 | 7 | Wikileaks | 224 | 221 |
8 | 13 | Lil Wayne | 223 | 157 |
9 | — | YO NO FUIII !! | 185 | — |
10 | 2 | Farmville | 185 | 539 |
Spamiest
Rank | Last Week’s Ranking | Facebook Page | Threat Count | Last Week’s Spam Count |
1 | 5 | Turkce rap | 2476 | 939 |
2 | 24 | Wikileaks | 2347 | 456 |
3 | 1 | Texas Hold’em Poker | 1441 | 3582 |
4 | 3 | FarmVille Sheep | 1437 | 1201 |
5 | 2 | FarmVille Cows | 1425 | 1425 |
6 | 13 | FC Barcelona | 1297 | 606 |
7 | 19 | 678 | 1280 | 532 |
8 | 17 | Michael Jackson | 1050 | 549 |
9 | 8 | Arabesk Rap | 1029 | 726 |
10 | 23 | KopTuq mu? xDe..! | 935 | 465 |
A few notes about this week’s list:
Looking at the Dangerous rankings, we are seeing the same pages every week. They seem to be cycling in and out of the Top 10. Also, our undisputed king of the Dangerous Top 10 is Justin Beiber. This will be three weeks holding the #1 spot. A reminder: these pages appear due to dangerous links in the comments or wall spam.
The Spamiest rankings have seen social games holding steady. Of special interest are three Turkish pages: Turkce rap, Arabesk Rap, and KopTuq mu? xDe..!. These pages seem to be connected through the same sponsor and have been targeted with general spam.
A new attack campaign seems to be surfacing on Facebook. This one focuses on the user directly activating a spam program. An app will try to get users to copy a snippet of JavaScript into their browser’s location bar. The app uses bait tactics, such as promises of “Themes for your Facebook wall” or “See who has viewed your Facebook profile”.
By the way, any app that claims to able to do such things is lying.
Here is an example of one such site.
This particular one claims to provide Facebook themes. There is a short tutorial video that simply tells the user to copy that snippet of code to the browser address bar and hit enter. While most of the time the browser will protect the user from a website trying to run code like this, there is nothing a browser can do if the user is the one who runs the code.
This code will pop up a little box that looks like this:
Of course it is not really setting up themes, it is actually getting the user’s email address (to send spam to?). It also posts itself to the user’s Facebook wall to lure more victims. This last part doesn’t exactly work due to a bug in the JavaScript code.
Bottom line, don’t paste unknown JavaScript into your browser. Ever.
Those of you who want a more technical explanation of what this does, read on.
The code pasted into the browser adds a <script> tag to whatever page is open at the time. The src attribute points to a site controlled by the bad guys. Every app we have seen so far had a different site. Normally, a browser will only let a script read a cookie if it comes from the same site that wrote the cookie. When the user embeds this foreign script tag into Facebook, the browser sees the script as coming from Facebook, and allows it access to the Facebook cookies.
The script that gets pulled in from the bad guy’s site is obfuscated by turning each letter in the code to a number and then translating them back into letters right before execution. The unscrambled code in turn grabs the next line of even further obfuscated code and unscrambles that by subtracting some amount (23 in this case) from each number before translating it back to a letter to get the final payload.
There seems to be a bug in the final payload where a faulty regex fails to parse a user id out of the page source.
We are continuing with our weekly “Top 10” lists of the most dangerous and spamiest Facebook Pages. If you would like to read how we come up with the lists, check out our initial post here but here is how we define each category…
Most Dangerous Category: This category could be a post or comment containing a dangerous link. These links can lead to malware, phishing, or suspicious/dangerous Facebook applications that gather personal information and use people’s accounts for spam.
Spamiest Category: The spam noted could be Wall spam or comment spam. All the spam messages included in the tally contain at least one URL and have been posted multiple times across different pages and post comments.
Here is this week’s Top 10 lists.
Most Dangerous
Rank | Last Week’s Ranking | Facebook Page | Threat Count | Last Week’s Threat Count |
1 | 1 | Justin Beiber | 1808 | 1437 |
2 | 5 | Farmville | 539 | 345 |
3 | 7 | Texas Hold’em Poker | 325 | 324 |
4 | 22 | FarmVille Cows | 319 | 181 |
5 | 28 | FarmVille Sheep | 308 | 165 |
6 | 19 | YoVille | 258 | 185 |
7 | — | Wikileaks | 221 | — |
8 | 26 | EL SECRETO DE LOS SIMPSONS | 216 | 171 |
9 | 2 | Harry Potter | 215 | 379 |
10 | 856 | Machinima.com | 214 | 10 |
.
Spamiest
Rank | Last Week’s Ranking | Facebook Page | Threat Count | Last Week’s Spam Count |
1 | 2 | Texas Hold’em Poker | 3582 | 2116 |
2 | 5 | FarmVille Cows | 1425 | 1325 |
3 | 6 | FarmVille Sheep | 1201 | 1188 |
4 | 8 | Justin Beiber | 1156 | 1133 |
5 | 14 | Turkce rap | 939 | 658 |
6 | 25 | Komik Ve liginc Videolar | 907 | 468 |
7 | 27 | Pet Society | 760 | 435 |
8 | 15 | Arabesk Rap | 726 | 641 |
9 | 37 | FarmVille | 712 | 351 |
10 | 26 | Miley Cyrus | 679 | 454 |
.
A few notes about this week’s list:
Justin Beiber and the social games continue to hold the top spots on the “Dangerous” list. We expect to see this trend continue. On the Spamiest ranking, social games hold most of the spots. We don’t expect to see any real change in the coming weeks. As ever, be vigilant about links posted on Facebook pages. Verify the link’s identity before clicking to avoid any problems.
We are continuing with our weekly “Top 10” lists of the most dangerous and spamiest Facebook Pages. If you would like to read how we come up with the lists, check out our initial post here but here is how we define each category…
Most Dangerous Category: This category could be a post or comment containing a dangerous link. These links can lead to malware, phishing, or suspicious/dangerous Facebook applications that gather personal information and use people’s accounts for spam.
Spamiest Category: The spam noted could be Wall spam or comment spam. All the spam messages included in the tally contain at least one URL and have been posted multiple times across different pages and post comments.
Here is this week’s Top 10 lists.
Most Dangerous
Rank | Last Week’s Ranking | Facebook Page | Threat Count | Last Week’s Threat Count |
1 | 1 | Justin Bieber | 1437 | 1236 |
2 | 5 | Harry Potter | 379 | 465 |
3 | 2 | Twilight | 379 | 701 |
4 | 9 | Lil Wayne | 375 | 405 |
5 | 44 | FarmVille | 345 | 201 |
6 | 6 | Usher | 334 | 437 |
7 | 3 | Texas Hold’em Poker | 324 | 503 |
8 | 14 | Shakira | 302 | 380 |
9 | 13 | Linkin Park | 284 | 383 |
10 | 22 | AKON | 269 | 272 |
Spamiest
Rank | Last Week’s Ranking | Facebook Page | Threat Count | Last Week’s Spam Count |
1 | 1 | Lil Wayne | 2253 | 2150 |
2 | 2 | Texas Hold’em Poker | 2116 | 2047 |
3 | 4 | Drake | 1475 | 1706 |
4 | 16 | Real Madrid C.F. | 1415 | 857 |
5 | 21 | FarmVille Cows | 1325 | 722 |
6 | 19 | FarmVille Sheep | 1188 | 756 |
7 | 8 | Wiz Khalifa | 1170 | 1402 |
8 | 7 | Justin Bieber | 1133 | 1512 |
9 | 15 | FC Barcelona | 867 | 878 |
10 | — | Michael Jackson | 784 | — |
A few notes about this week’s list:
Looking at the dangerous listing, we are seeing a correlation between the pages targeted and celebrity news. For example Justin Bieber, Usher, Twilight, Lil Wayne, and Harry Potter were in the Top 10 last week and continue to be a presence this week. We are also seeing a reemergence of the various Zynga games. This holds true from last week. We expect to continue to see the same trend over the coming weeks.
As for the spamiest list, this week is showing multiple social game pages, celebrity pages, and even some soccer team pages. We are expecting to see a continuous presence of social games in this category. We may be seeing the soccer teams because of a few matches played in the last week. Due to the appearance of the teams of the field, we may assume there was an increase of visits to their Facebook pages.
In keeping with our policy of vigilance, we recently have found another attack targeting Justin Bieber’s Facebook page. If you recall from last week’s Top 10 list, Justin Beiber’s Facebook page achieved the top spot in the Dangerous category and the seventh spot in the Spamiest category. To better acquaint you with the threat, we’ve broken down what happens.
Here we see some “Breaking News”:
Apparently, Justin Beiber has been caught red-handed! Quick, click “subscribe.”
Uh, that’s not what we were expecting, but never mind that right now. Onwards!
There we go! Now we can watch our video.
…
Wait a minute! Does that say YouTube? We could have seen this (shaky) video by simply going directly to YouTube. What was all that messing around with permissions?
And just look at what this app has done to our wall.
Spam. In our name. Bad app, no treat.
The moral of this story is, never allow an app more permission than it should logically need. All this app claimed it was going to do was show us a video, so why would it need permission to post to our wall, access our data anytime, or manage our pages?
If you or someone you know has fallen victim to this app or one of the many others like it, you should revoke the app’s permissions. To do this, go to “Account>Privacy Settings”. Under “Applications and Websites,” click “Edit your settings.” Then click “Remove unwanted or spammy applications.” Finally, click the little “x” by the app you want to remove and confirm your desire to remove it by clicking the blue “Remove” button in the box that pops up.
And if you really must see that video of Justin Beiber kissing some girl…
http://www.youtube.com/watch?v=qyRA2xyK1e8
Knock yourself out.
Last week, we published the first of our weekly “Top 10” lists on the most dangerous and spamiest Facebook Pages. If you would like to see last week’s lists and understand how we come up with the lists, check out our initial post here.
Here are this week’s Top 10 lists…
Most Dangerous
Rank | Last Week’s Ranking | Facebook Page | Threat Count | Last Week’s Threat Count |
1 | 1 | Justin Bieber | 1236 | 670 |
2 | 34 | Twilight | 701 | 43 |
3 | 2 | Texas Hold’em Poker | 503 | 239 |
4 | 23 | Dirty Dancing | 483 | 55 |
5 | 101 | Harry Potter | 465 | 25 |
6 | 117 | Usher | 437 | 22 |
7 | — | Mama Mary | 418 | — |
8 | 22 | Michael Jackson | 407 | 55 |
9 | 48 | Lil Wayne | 405 | 38 |
10 | 37 | YouTube | 402 | 42 |
Spamiest
Rank | Last Week’s Ranking | Facebook Page | Threat Count | Last Week’s Spam Count |
1 | — | Lil Wayne | 2150 | — |
2 | — | Texas Hold’em Poker | 2047 | — |
3 | 3 | FrontierVille | 1926 | 1155 |
4 | — | Drake | 1706 | — |
5 | 1 | FarmVille | 1622 | 1489 |
6 | 42 | Underground & Gangsta Rap | 1598 | 167 |
7 | — | Justin Bieber | 1512 | — |
8 | 2 | Wiz Khalifa | 1402 | 1477 |
9 | 63 | Mafia Wars | 1329 | 120 |
10 | 63 | Fikra ve Espiri Dünyasi | 1243 | 120 |
A few notes about this week’s lists:
Last week our “Top 10” included many social games. This week we are seeing more celebrity pages included. Perhaps this is tied to current events. For example, Lil Wayne was just released from jail and has had a resurgence in news exposure this past week. It will be interesting to continue tracking this trend in the coming weeks.
A lot of the activity related to the “most dangerous” list was due to a malicious application outbreak on November 17. The app enticed the user with “See the shocking video of the 1-year-old girl who CARRIES TWIN SISTER inside belly.” To see the video, the user had to authorize the application. Once authorized, the app proceeded to spam the user and possibly the user’s fan pages to propagate, or spread.
A point of interest is the inclusion of Mama Mary, a Facebook page dedicated to Mary, the Mother of Jesus. We don’t usually see religious-centered pages enter into the Top 10. This one seems to be an instance of collateral damage. The same malware application spammed to most of the rest of the Top 10 ended up covering this page.
SafeToBe.Me was created to help monitor and inform consumers of privacy and security issues in Facebook. The application looks for spam, malware, phishing scams, automatic file downloads, and strong language. SafeToBe.Me scans Facebook Pages, status updates, comments to statuses, and application posts, and notifies users of any potential spam or danger. To better inform consumers, today we are releasing our first weekly “Top 10” list of the Facebook Pages containing the most dangerous content and the most spam.
Overall we monitor the Top 5000 popular Facebook Pages and any pages “liked” by our users. We scan those pages for instances of spam or potentially dangerous links. Even if a page falls out of the Top 5000 Facebook Pages, we keep it in our monitoring rotation. Threats are typically found in posts by users on the Wall of a page or in comments made to a status update posted on a page. We’ve broken done the categories into “Most Dangerous” and “Spamiest”. Below are descriptions of these categories.
Most Dangerous Category: This category could be a post or comment containing a dangerous link. These links can lead to malware, phishing, or suspicious/dangerous Facebook applications that gather personal information and use people’s accounts for spam.
Spamiest Category: The spam noted could be Wall spam or comment spam. All the spam messages included in the tally contain at least one URL and have been posted multiple times across different pages and post comments.
Thus we present this week’s Top 10 lists.
Most Dangerous | ||
Rank | Facebook Page | Threat Count |
1 | Justin Bieber | 670 |
2 | Texas Hold’em Poker | 239 |
3 | Social City | 228 |
4 | YoVille | 210 |
5 | FarmVille | 187 |
6 | FarmVille Cows | 157 |
7 | Cafe World | 136 |
8 | Restaurant City | 112 |
9 | FarmVille Sheep | 100 |
10 | SOY ARGENTINO | 96 |
Spamiest | ||
Rank | Facebook Page | Spam Count |
1 | FarmVille | 1489 |
2 | Wiz Khalifa | 1477 |
3 | FrontierVille | 1155 |
4 | Michael Jackson | 900 |
5 | FarmVille Cows | 616 |
6 | KopTuq mu xDe..! | 596 |
7 | FarmVille Sheep | 533 |
8 | FC Barcelona | 530 |
9 | Amr Khaled | 526 |
10 | T.I. | 479 |
Notice that many of the Facebook Pages in our rankings are social games. We know that social games are very popular on Facebook so it is not a surprise that malware and spam pushers are focusing on this category.