Feb 7, 2012

FB Survey scam : RED FACEBOOK IS HERE FOR VALENTINES DAY!! BYE BLUE FACEBOOK!! Switch Your Facebook to different colours and Themes



Shown below is a new variant of the old "change your Facebook profile to pink, red or black" survey scam.



Clicking the link takes you to a fake Facebook application, fb-theme, as shown below.


When "click here" is clicked, the application requests user permission. Never allow access to any unknown application on FB. Once allowed, it can post any content on your wall and steal your personal information.


Clicking "Allow" posts the spam content on your wall, so that your friends can click on it too and help it spread. You will only be shown a survey to complete and nothing like RED Facebook themes, so be aware of these kinds of fake apps and scams, and stay safe on Facebook.


Remove the access you granted to the fake application by going to Account Settings -> Apps -> Remove.


Similar variant:

"COOL!!! I CHANGED MY BLUE FACEBOOK THEME IN PINK FACEBOOK!!
Switch Your Facebook to different colours and Themes"

Feb 6, 2012

Trojan Proxy targets Brazilian financial websites

File source: www.danibolinhagp.com.br/video.mpeg.exe
MD5: CCC531F5DD9929ABC4BCD69BCC748424
SHA1: FE71AA78DC9288E9997482380C4F270495CA7631

This Trojan is hosted on the domain danibolinhagp.com.br, which looks like a fake porn website: wherever you click on the site, it downloads the Trojan. The file name carries the mpeg extension because the site poses as a porn video hosting site. When a user clicks inside the webpage, it downloads the Trojan under the file name video.mpeg.exe.


In their hurry to watch the video, many people don't notice the .exe extension. Once executed, it searches for running instances of the Internet Explorer and Firefox processes and terminates them if found, so that it can set the proxy server and make the user log in again.


The host padariarva.com, seen below, is nothing but a link to the proxy auto-config file pele.pac. It contains the proxy IP address "188.138.114.62".


This URL is added to the AutoConfigURL registry key, as seen below. Whenever you try to access any site, the browser consults the proxy auto-config file first, and if your request matches a site listed in the file, the request goes to the proxy IP "188.138.114.62", which in turn forwards the request to the bank site on your behalf, like a man-in-the-middle attack.


The list consists mostly of Brazilian financial institutions. See below for details.


If you're infected with this Trojan, your bank credentials are at high risk of compromise. My advice is to clear the proxy registry setting first: type regedit at the command prompt, go to the location below and delete the data part of the AutoConfigURL registry key.

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoConfigURL

The Trojan file is stored with the hidden attribute in the location where you executed it.


If you're unable to view the file, open My Computer and go to
Tools -> Folder Options -> View and select "Show hidden files and folders". Now go to the location where you executed the file and delete it. Last but not least, change your bank account password.
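
One way to audit a proxy auto-config file like the one described in this post, as an added example that is not code from the original post or from the Trojan: it reads the PAC text statically, without executing it, and reports the proxy endpoints and which hostnames would be diverted. The sample PAC, its hostnames and the address 203.0.113.10:8080 are constructed placeholders, and the code assumes the rules are plain shExpMatch/dnsDomainIs calls on string literals.

```javascript
// Constructed sample PAC text; hostnames and proxy address are placeholders,
// not values taken from the original post.
const SAMPLE_PAC = `
function FindProxyForURL(url, host) {
  var p = "PROXY 203.0.113.10:8080";
  if (shExpMatch(host, "www.bank-one.example*")) return p;
  if (shExpMatch(host, "*.bank-two.example")) return p;
  if (dnsDomainIs(host, ".cards.example")) return p;
  return "DIRECT";
}`;

// Pull proxy directives and host-matching rules out of the PAC source.
// The PAC is treated as text only: a hostile PAC is never evaluated.
function auditPac(pacText) {
  const proxies = new Set();
  const directive = /\b(?:PROXY|SOCKS\d?|HTTPS?)\s+([\w.-]+:\d+)/g;
  for (const m of pacText.matchAll(directive)) proxies.add(m[1]);
  const rules = [];
  const call = /\b(shExpMatch|dnsDomainIs)\s*\(\s*(?:host|url)\s*,\s*(["'])(.*?)\2\s*\)/g;
  for (const m of pacText.matchAll(call)) rules.push({ fn: m[1], pattern: m[3] });
  return { proxies: [...proxies], rules };
}

// shExpMatch uses shell globs: '*' is any run of characters, '?' is one character.
function globToRegExp(glob) {
  const escaped = glob.replace(/[.+^${}()|[\]\\]/g, "\\$&");
  return new RegExp("^" + escaped.replace(/\*/g, ".*").replace(/\?/g, ".") + "$", "i");
}

// dnsDomainIs is a plain suffix comparison on the hostname.
function matchesRule(host, rule) {
  return rule.fn === "dnsDomainIs"
    ? host.toLowerCase().endsWith(rule.pattern.toLowerCase())
    : globToRegExp(rule.pattern).test(host);
}

// Which of the hostnames we care about does the PAC single out?
// Assumption: every rule in a PAC that also names a proxy is worth flagging;
// the code does not trace which return statement a rule leads to.
function interceptedHosts(pacText, hosts) {
  const { proxies, rules } = auditPac(pacText);
  if (proxies.length === 0) return [];
  return hosts.filter((h) => rules.some((r) => matchesRule(h, r)));
}
```

An obfuscated PAC that builds its patterns at run time will not match these regular expressions, so an empty result from a file fetched via AutoConfigURL still deserves manual review.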

Feb 5, 2012

OMG.. this is what Happened to his Ex-GF! Le perdi todo el respeto a Shakira despues de ver este video! [Video]Oops!!! There was a hidden camera in bieber’s bedroom / Omg!



SCAM 1 - OMG.. this is what Happened to his Ex-GF! ?[Video] Lmao.. I cant believe this actually happened to his Ex-Girlfreind! – Survey SCAM


The link in the wall post takes you to the site funniestprankvid.info, which links to two PNG files, seethexgfprank.com/img/yplay3.png and i.imgur.com/ZyarU.png, that together display the content below.


What you see above is not a video player or legitimate user comments; they are IMAGE files meant to trap you.
  
Clicking the play button contacts www.seethexgfprank.com/img/partager.png and asks you to share the video. Once the share button is clicked, it posts the spam on your wall. Then it contacts www.seethexgfprank.com/img/movie11.png to display the image below with a play button.

  
Once the play button is clicked, it doesn't display any video; instead it connects to http://xgf.shockingfbvideos.com/video2 to display the survey. Completing these surveys earns money for the spammers.



SCAM 2 - [Video]Oops!!! There was a hidden camera in bieber’s bedroom / Omg! I just lost all respect for Justin Bieber and Selena Gomez after watching this hidden SEX cam video in his room – Installs Rogue Browser Plug-in

Shown below is a variant of the rogue browser plugin Facebook scam, which is spreading virally by misusing the popularity of the Canadian pop singer Justin Bieber.


The link in the scam post leads you to a fake website disguised as Facebook so that the user does not become suspicious.


It asks you to install a browser plugin named youtube to view the video. In fact, the plugin is installed to monitor your browser activity. When you access your Facebook account, it spams your wall with the scam post without your knowledge.


Below you can see the code used by the plugin to read your cookie and spam your Facebook wall with malicious content.


To uninstall it, go to Options -> Extensions -> Remove in your Chrome browser.


SCAM 3 - "Le perdi todo el respeto a Shakira despues de ver este video! No puedo creer que hizo esto en public" (I lost all respect for Shakira after watching this video! I can't believe she did this in public) – Survey Scam.


Clicking the link in the post redirects you to the following page, where you are asked to follow 3 steps.

Following these steps helps promote the SCAM among other Facebook users.


Below you can see the code it uses to validate whether you have followed steps 1 and 2. If you have, it opens the survey scam.


Below you can see a sample of the survey scam window.


Feb 1, 2012

SPAM - WOAH! My profile has been viewed 97 times just today and I can see that I have quite few observers..BIG Thanks to The Facebook Team For FINALLY Giving Us Something To Check Our Profile Views With!Check it out



WOAH! My profile has been viewed 97 times just today and I can see that I have quite few observers..BIG Thanks to The Facebook Team For FINALLY Giving Us Something To Check Our Profile Views With!Check it out: Link to fake Facebook Application.


The scam post shown above is spreading rapidly among FB users. It uses the vulnerability in the way Facebook applications access and interact with your Facebook account. Shown below is one of the fake Facebook apps, “DArling LPS 2”.


Since Facebook apps are part of apps.facebook.com, many people trust them and follow the instructions displayed on the application page. Here, whether or not you click the “Continue to App” button, you will be redirected to the next step if you wait on the page for a few minutes.
  
This is the most important part of this spam: if you click Allow, you authorize the fake app to steal your personal information and to post status messages, photos or videos on your behalf, which is very bad.


Once you click Allow, you can see the spam post below added to your Facebook status.

  
Then it displays a page like the one below, which keeps loading your profile visitors but never displays anything.


To remove this spam, first revoke the access permission you granted earlier by going to Home -> Account Settings -> Apps -> Edit.

  
Once you click Edit, you will be prompted with the message below. Click Remove.


If you have removed the application successfully, you should see the alert message below.


Now go to your wall and click the ‘X’ mark in the right corner of the spam post. It displays a drop-down list; select ‘Report/Mark as Spam’.


That's it; the spam will be removed completely. Now you can use your Facebook account happily as before, but be careful when you allow any application access on Facebook, and try to differentiate between fake and legitimate apps.


Note: “DArling LPS 2” is only one of the fake applications. In reality there are a lot of similar apps, so identify the app you're infected with and remove it.


Similar Variants:



WOAH! My profile has been viewed 55 times just today and I can see that I have quite few observers..BIG Thanks to The Facebook Team For FINALLY Giving Us Something To Check who's viewing our profile!Check it out: http://apps.facebook.com/asdfagasda/


OMG! My profile has been viewed 97 times just today and I can see that I have quite few observers..Big thanks to the Facebook team for finally giving us something to check our profile views with!check it out:http://apps.facebook.com/fhinderprofilee/


WOW! BIG Thanks Goes Out To The Facebook Team For FINALLY Giving Us Something To Check Our Profile Views With! Launched TODAY, This is What We All Been Waiting For! Check it out: http://apps.facebook.com/sdfjlhsdfn/


BIG Thanks Goes Out To The Facebook Team For FINALLY Giving Us Something To Check Our Profile Views With! Launched TODAY, This is What We ALL Been Waiting For! Check it out: http://apps.facebook.com/viewermfksdfg/


WOW!My profile has been viewed 87 times just today and I can see that I have quite a few observers. BIG Thanks Goes Out To The Facebook Team For FINALLY Giving Us Something To Check Our Profile Views With! Launched TODAY, This is What We All Been Waiting For! Enable yours now: http://apps.facebook.com/rewebviewgh/


WOAH! My profile has been viewed 63 times just today and I can see that I have quite few observers..BIG Thanks to The Facebook Team For FINALLY Giving Us Something To Check who's viewing our profile!Check it out: http://apps.facebook.com/svbbwuyyst/



Profile Views: 1494 
Boys: 645 
Girls: 849 
Check Yours Here: http://bit.ly/yQ5suO

SCAM - I lost 30 pounds in just 4 weeks all thanks to hcg. Check it out.



I lost 30 pounds in just 4 weeks all thanks to hcg. Check it out: http://learn-how-to-lose-weightugsws.blogspot.com.


This Facebook spam promotes a fake site displaying a weight loss product in order to steal users' credit card information. When the link in the scam post is clicked, it contacts the site http://lkllios1.com/?s=vari and generates a random domain name to redirect you to.


Here makeid() is the function responsible for generating the random subdomain for the domain acbnc.com. Below you can see one of the randomly generated domains:

http://health-news.articles.review.pjjls.acbnc.com

The information hosted on this website is well designed to trap people and make them believe in the product and buy it with their credit cards.


If you choose to close the webpage, it opens a chat application. When you try to chat, it says “This service is not available. We apologize for any inconvenience this may cause.”


The ultimate aim of this spam campaign is to collect your credit card information. When you choose any of their products, you are prompted with a page asking for your personal information.


It validates the data the user enters like any other site, checking whether all the fields are filled in and whether the entered card number is valid.


If not, it throws the alert message “Please fix the credit card number."


Once all the information is entered, it posts the data to the remote site hcgultrabuy.com/success.php, something no legitimate site would do.

  
Then it tells you the payment succeeded and gives you an order number. All of this is fake, just to steal your credit card information. It says "secure check out", but it doesn't take you to any HTTPS or secure payment gateway.


So, Facebook users, don't fall prey to this kind of scam and lose your money. For more information, see http://spamtrackers.eu/wiki/index.php/Ultra_HCG


Similar Variant: 


Everyone I saw this on TV last month and I already lost a bunch of weight with this program, check it out http://bit.ly/xwking


Hey friends, finally solution that works! Lately I have been using this new weightloss product I saw on Dr Oz. I am already 28 pounds lighter! I got them from here http://bit.ly/x5SqHF?xntjxcjc