[Security] New CAPTCHA method or just another likejacking scam?


In case you’ve seen this on Facebook, try to not click on it even if you understand French (it appears to be only in Franch) because it will take you on a road where you don’t want to be.


But, we like to live dangerous, so we analyzed this for you.

Once you click on the video, you will see a window with the video you’ve chosen to see, but in background between 1 and 3 browser instances are opened pointing to various advertisement websites and malware (more on this below).

We were expecting to have immediately on the fake Facebook profile the link posted, as the normal likejacking scams do. But surprisingly it didn’t.

The first strange thing about that video is that it appears to do something as if it is preparing to buffer video content. But it doesn’t …

It displays this :


Anti-robot control
For reading the video, you must share it on Facebook.

Ahm… how can one read a video ? Maybe see the video…



If you click on Play, the following window shows up explaining that you must like the video first and then try again to play it.



There is a trick… which I discovered by chance.

If you don’t click on the button for about 5 minutes, you can still see the video without sharing it.

One of the pages opened in the background was a deja-vu for me: Check who visit(ed) your Facebook profile. We wrote many times about this … and about the fact that it is not possible to see who visited your profile.





Once you click on it, the browser tries to open a download which points to a malicious file.

Fortunately, the Web Protection functionality detects the URL and blocks it accordingly.
[via]

Comments

Post a Comment

Để lại góp ý của bạn để blog của mình hoàn thiện hơn :))

Popular posts from this blog

[Hack crack] Tổng hợp Google Dork

Image
/includes/header.php?systempath= /Gallery/displayCategory.php?basepath= /index.inc.php?PATH_Includes= /nphp/nphpd.php?nphp_config[LangFile]= /include/db.php?GLOBALS[rootdp]= /ashnews.php?pathtoashnews= /ashheadlines.php?pathtoashnews= /modules/xgallery/upgrade_album.php?GALLERY_BASEDIR= /demo/includes/init.php?user_inc= /jaf/index.php?show= /inc/shows.inc.php?cutepath= /poll/admin/common.inc.php?base_path= /pollvote/pollvote.php?pollname= /sources/post.php?fil_config= /modules/My_eGallery/public/displayCategory.php?basepath= /bb_lib/checkdb.inc.php?libpach= /include/livre_include.php?no_connect=lol&chem_absolu= /index.php?from_market=Y&pageurl= /modules/mod_mainmenu.php?mosConfig_absolute_path= /pivot/modules/module_db.php?pivot_path= /modules/4nAlbum/public/displayCategory.php?basepath= /derniers_commentaires.php?rep= /modules/coppermine/themes/default/theme.php?THEME_DIR= /modules/coppermine/include/init.inc.php?CPG_M_DIR= /modules/coppermine/themes/c
Read more

[Security] Internet blackout scheduled in protest of SOPA

Last night I spent an inordinate amount of time on reddit looking at pictures of baby hedgehogs, reading a Q&A with a theoretical physicist, and catching up on the intended blackouts protesting the Stop Online Piracy Act (SOPA) and its sister bill, Protect IP Act (PIPA). Haven’t heard about SOPA? It’s no wonder, since the mainstream media has been curiously silent on the issue. Maybe it’s because most of the big news outlets are owned by companies supporting SOPA. Nonetheless, reddit and others, such as Tucows, Cheezburger, game developer Red 5 Studios, and hacktivist group Anonymous, hope to make the issue broadly known with a coordinated internet blackout scheduled for January 18th. Things will really get interesting if the “nuclear option” is implemented where the likes of Wikipedia, Google, Facebook, Ebay, Yahoo!, LinkedIn, Tumblr, Mozilla, Twitter, and PayPal “go simultaneously dark” to join them in protest of the bill. You may have heard a blip of a news story during the
Read more