Our earlier post about malicious links being spammed out on Facebook said that the links were phishing attempts. Well, turns out it's also an adware scheme.
So the links we saw being sent around led to a fake Facebook log-in page:
Looks like a plain vanilla phishing attempt so far. However, further testing with a dummy account showed that something a bit more interesting is going on.
If you enter your account details into the supposed log-in page, you're directed to this enticing notice:
Who doesn't want a free iPad, right? If you then click on the "Claim Now" buttons for any of the oh-so-lovely prizes, you then get taken to this site:
Still no prizes. If you click on the big shiny button on that page, you get this:
And if you do download that, you get a consolation prize of… adware. And you just paid for it with your account details. Shortly afterwards, Facebook notified us about some suspicious access activity in our dummy account:
No, that's not where we are. Clicking the "I don't recognize" button led to a new password creation page, from which we could recover the dummy account.
OK, so this scam is not terribly new or original. We blogged about a roughly similar scheme running around Twitter in August of last year.
Fortunately, the links directing users to these sites are now inactive, and most of the related sites seem to be down. Our product also detects and removes the downloaded adware.