Very Hot & Funny - Dont Miss It - LOL [VIDEO] The Hottest & Funniest Golf Course - LOOOL

Best Golf Course Video - Very Very Funny is another Facebook survey scam.

The above link will take you to a Facebook page like seen below.

It says "You have to click on [Let Me Watch] Before Playing the Video" but "Let me watch" and "Play the video" both are hidden Like buttons it tricks you to click on them this is called "Likejacking".

The last link 'click here' will take you to the site 'www.awesomvids.uniy.eu' where it will pop up a window displaying 'You have to share this page before watching the video'.

Even when you try to close the pop up window it will show an alert saying 'You have to share this page before watching the video' forcing you to click on the share button to spread the scam.

After sharing the scam message it will take you to a typical survey scam, no video will be displayed. 

Always be aware of the content you share on Facebook. Also, think twice when sites like these ask you to share some unknown content on your Facebook Wall.

A free gift card to all facebook users CLICK HERE & CLAIM NOW is a Survey Scam

Walgreens is currently giving away 1 gift card to 10,000 lucky Facebook users!..
Cheesecake Factory is currently giving away $100.00 gift cards to all facebook users!!

Shell is currently giving away $100.00 gift cards to all facebook users!!

Get $1000 Kohls Gift Card for FREE! (limited time only)
Get Free SimCash in 5 minutes ! (Limited time offer)
FREE $500.00 Victoria Secret GiftCard!! (limited time only)

All these are survey scam messages targeting Facebook users mostly of US region. Spammers are using the famous brand names to   attract people and make them fall in their trap.

When you click on these scam post you will be redirected to the site 'cheesecakekhalo.s3-website-us-east-1.amazonaws.com' like seen below,

Here the Gift cards remaining is just a counter running using Java Script. It is just to tempt you click on the 'post to profile' button. 

When the 'post to profile' button is clicked it will post the scam message on your FB wall and all your friends will be viewing it in their news feed and they will be tempted to click on them. Below seen is the script used by the scam to post the message,

After sharing the scam in your wall it has script to pop up a new window opening the site "http://cheeeeesecake.info/cake.php"

The cake.php contains link to the affiliate marketing site www.cpalead.com/exitpopup.php.

At last they will ask you to complete the surveys depending upon your location. There is nothing like free gift cards only the spammers will earn money because of your innocence.

The spammers earn commission for every survey that is completed. Their work is to drive traffic to the online survey sites and make people complete them. 

Below seen are similar scam post spreading across FB,

"Dollar General is currently giving away free gift cards to all facebook users!"

"Get 1 F.R.E.E Walgreens Gift Card! (limited time only) CLICK HERE & CLAIM NOW"

"Kohls is currently giving away free gift cards to all facebook users!"

"Get $100 Shell Gas Card for FREE!(limited time only);Shell is currently giving away free gift cards to all facebook users!"

"TGI Friday's is currently giving away $100.00 gift cards to all facebook users!!"

"Costco is currently giving away $1000.00 gift cards to all facebook users!!"

"why pay for SimCash when you can get it for free? Now claim your 320 SimCash for free !Limited time promotion only"

"Victoria's Secret is currently giving away gift cards to all facebook users!!"

"Get a Free $1,000 Walmart Gift Card!"

Facebook is currently giving away 1 gift card to 10,000 lucky Facebook users!

"Welcome to the only place where you can get 2000 facebook credits for FREE! Get yours today!"

"CVS Pharmacy is currently giving away free gift cards to all facebook users!"

"Get a Free Black MacBook Air!"

"Dunkin Donut is currently giving away $100 gift cards to all facebook users!!"

Starbucks is celebrating 40 years and giving away $50.00 gift cards to all Facebook users!

Domains participating in this Scam event are,

shellgas1.s3-website-us-east-1.amazonaws.com, 
tgi2.s3-website-us-east-1.amazonaws.com, 
wallgreens007.s3-website-us-east-1.amazonaws.com, 
needgas.s3-website-us-east-1.amazonaws.com,
zwalgreens.s3-website-us-east-1.amazonaws.com,
free.greatlivenews.com, siimsociial.weebly.com, cheeeeesecake.info/cake.php, cheesecakekhalo.s3-website-us-east-1.amazonaws.com, siimsociial.weebly.com, freeoneszz.s3-website-us-west-2.amazonaws.com, 2000creditsnewoffer.blogspot.com, www.wouchr.com, freecreditsgiftcard.blogspot.com, 50.116.79.168/~hugefb/starbuck/.

"WOW!... It Worked.. Yippe!! I Just Got a Recharge of Rs 500..! Just Try It Out Friends.. Thanks I Love it>>Click here to Know. -->>

Another free recharge scam spreads accross FB today and targets mobile users in India. This time it asks users to manually post the scam message on different "Facebook Groups" and "Friends Wall" in order to "Get FREE 500 Rs. Recharge !!!"

Link'http://is.gd/FreeRecharge' you see above is shorten url of http://freeindiarecharge.blogspot.com. Once you click on it you will be taken to the page like shown below,

Here it asks you to follow 4 simple steps to get the recharge amount. Actually it makes you to spread the scam message among different facebook users and groups. Also, it spams your own wall.

It tricks you saying IMPORTANT: ALL THE 10 POSTS SHOULD BE POSTED IN 10 DIFFERENT PLACES! IF THE LINKS ARE NOT DETECTED THEN THE NEXT PROCESS WILL NOT BE SHOWN. The next process here is the "Next step" button which is nothing but an alert box.

It doesn't have anything beyond this page how many times you click on the "Next step" button it will just display the alert box saying 'Oops ! You have not completed yet !! Please Complete these steps and then Click here !'.

Don't fall prey for these kind of scam and avoid following any steps mentioned in an untrustworthy sites. Below you see the wall of an infected FB user,

Below seen are similar scam messages,

Get Free Recharge of Rs.100 On Your Mobile Now. Offer Valid Till 31/Dec/2011 Only, Hurry up!!!!!

Airtel Free Data Card

Get a FREE Apple Iphone Here Malicious Link New Year gift by facebook

As the New Year is approaching, a new survey scam spreads across the famous social networking site posting Facebook is distributing free Apple Iphone to its users as New Year gift.

The link http://bit.ly/tgtgoN in the above post redirects you to http://dr.tl/nwy12. This URL in turn takes you to "http://www.facebook.com/events/198383210256262/" an event page like seen below. Here it says "First 25,000 Participants Will Get An iPhone 4 for Free" and asks you to complete few steps.

First step it asks you to join the FAKE event by clicking on the "JOIN" button and the 2nd step is to click the "invite friends" button to send the spread the scam among your friends using your name and make them believe. Then 3rd step it asks you to click on the tiny url http://bit.ly/vHKAG9 to enter the shipping address. Actually it is done to open up the below site.

The spammers earn commission for every survey that is completed. Their work is to drive traffic to the online survey sites and make people complete them.


Domains participated in spreading this scam are contrlhairfall.blogspot.com,telugugames.blogspot.com, freeappleiphone.solidwebhost.com/test.php, facebkppc.blogspot.com.



Below seen are similar scam messages,


Get a FREE Apple Iphone Here Christmas gift by apple
Get a FREE Apple Iphone Here
Get a FREE Facebook T-Shirt Here

"LOL The World Funniest Condom Commercial watch here - Malicious Tiny Url"

Old Likejacking spam spreads again through Facebook today. Likejacking is a malicious technique of tricking users of a website into posting a Facebook status update for a site they did not intentionally mean to "like" - Wikipedia. 

What you see above is the kind of Spam post that spreaded among Facebook user's today. Once you click on the tiny url - http://bit.ly/upflDQ it will contact the site http://bestaddever.blogspot.com/ and check for your country code  "MY" for Malaysia and "IN" for India.

Based on the country identified it will redirect you to a website. Suppose if you are not from  Malaysia and India you will be redirected to "http://bestadd4u.blogspot.com/". Where you will see something like shown below,

Above seen is not a video its just a jpg image hosted in the site "http://i.imgur.com/yEQiH.jpg". The play button in the middle is to trick user's to click. Its an hidden Like button. Its just like any like button, it will start posting the spam message on your wall once clicked.

Then opens up the window "http://telugugames.blogspot.com/" and asks you to complete the surveys.

It will prompt you saying try to complete different survey again and again. The more you complete the more they earn. 

The spammers earn commission for every survey that is completed. Their work is to drive traffic to the online survey and make people complete them.

Similar domains spreading this infection are bestadd.blogspot.com & mybestadda.blogspot.com.

“>>>>>>>>>>>>>>>>> Event happed TO -A young Girl killed herself after her dad posted a secret of her on her fb wall.... check dad post at--------------------===>Malicious link<=== (remove space from link)”

Today, I found few new variants of the old scam. Looks like the spammers are more benefited with this spam message “A young Girl killed herself after her dad posted a secret of her on her fb wall” since they spread the same message again and again in different methods.

Once you click on the link in the spam messages you will be redirected to a website like shown below. Where it will asks you to install a plugin named “OMX plugin”. Here a famous French web hosting site has been used to a create free domain name and redirect traffic to “watch-status.blogspot.com" domain which host the malicious link to the site http://mysibrand.info/index11.php.

Above you are able to see only “http://newtocheck.c.la/ in the address bar actually you are restricted to view the other 2 malicious sites (watch-status.blogspot.com & mysibrand.info/index11.php) which are responsible for displaying the above content.

Once you install these plugins it will initiate the java scripts(script.js & extra.js) present in the remote site “http://COUPONCI.INFO/test/”. These scripts run behind and spam your wall with the message "Omg , A young Girl killed herself after her dad posted a secret of her on her fb wall.... check dad post at===> Link to FB Photo which contains malicious link”

Then your wall will look something like this,

Above what you see is link to a photo in an hacked facebook account where it contains the malicious link to spread.

Below what you see is the compromised facebook account with a photo uploaded and also contains malicious link.

After posting these spam messages it will redirect you to the site 'http://soshocking2011.blogspot.com" and prompt you to complete the surveys.

The scammers earn commission for every survey that is completed. Their work is to drive traffic to the online surveys and make people enter their personal details. Then these details are used by marketing companies. The affiliate marketing company here is cpalead.com please check the below java script.

Below is the removal instructions to remove the installed malicious plugin.

If you're Firefox user go to Tools->Add-ons->Extension->Uninstall

If you’re Chrome user go to Tools->Extensions->Remove

Always install Add-ons/Extensions from known sources.

Domains spreading this infection are www.DRAMEATFB.c.la, www.BADPOST.c.la, www.SADSTORY.c.la, www.NEWONFB.c.la,www.NEWSATFB.c.la, www.NEWS-FB.c.la, www.SADPOST.c.la, www.NEWS-NEW.c.la, www.NEWTOPSEE.c.la, newtoseethis.blogspot.com, watchmenoze.blogspot.com, watchthatnewsd.blogspot.com, watchmenow1.blogspot.com, dad-post.blogspot.com, ayoubilo.info/plugin.html, umustseethat.info/youtube.xpi, checkthatfast.info/youtube.crx,

Below seen are similar spam messages,

"A drame about a future women who had ended her life after a status update posted on her fb wall by her father.... check all story and dad post at ===> www.DRAMEATFB.c. la (remove space between c and la)"

"This is a sad story happened on fb theatre when a lovly teenage sucided after her dad reval a deep secret of fer via a post on her fb wall...... check all story and dad post at ===> www.BADPOST.c. la (remove space between c and la)"

"This is unbelievable..shocking.. A Teenage ENDED her life on Halloween After A Dad Posted on Her Wall.. check all story and dad post at ===> www.SADSTORY.c. la (remove space between c and la)"

"A schoolgirl killed herself at the second attempt three hours after her dad has posted asecret of her on her fb wall...... check all story and dad post at ===> www.HOTNEWS.c. la (remove space between c and la)"

"poor teenage killed herself at the second attempt three hours after her dad has posted asecret of her on her fb wall...... check all story and dad post at ===> www.SADNEWS.c. la (remove space between c and la)"

"A LITTE young killed herself after her dad posted a secret of her on her fb wall.... check dad post at ===> www.YEPSEE.c. la (remove space between c and la)"

"- Hot and dramatique story happened to schoolgirl and ended dangerousely (on facebook) ...;;; : follow link to know story : ===(remove space between (c )and (la))===> www.CHECK-HERE.c. la)==>"

"i start crying after i see what happened to jessica ... unstead of i dont know her : check all the story at : www.watch-that.c. la (remove space between c and la)"

"plz Be careful to what you post on (facebook) cause that can finish dramatiquely ...;;; : follow link to know story : ================(remove BRACKET ( ) from url ===>www.TO-POST.(c).(la)"

"i hope that not will happed to you follow link to know story : ================(remove BRACKET ( ) from url ===>www.TO-POST.(c).(la)"

"Take a look and be carefull to what you post on (facebook) ...;;; : follow link to know story : ================(remove BRACKET ( ) from url ===>www.NOW-watch.(c).(la)"

"what you post on (facebook) can finish dramatiquely so pay attention to your post ...;;; : follow link to learn more and to know story : ================(remove BRACKET ( ) from url ===>www.DADPOSTLINK.(c).(la)"

Similar Domains spreading this infection are http://bit.ly/y47rcd, http://nouutreet.blogspot.com/?4937, http://moderntosee.info/plugin.html, http://mysibrand.info/watch/prenium.crx, http://mysibrand.info/s.js, http://mysibrand.info/e.js, http://mysibrand.info/f2/f.js

Warning: Above seen are all malicious links. Don't ever try to access them.