Mar 16, 2014

WTFF! Friend's Name naked VIDE0 - Scam Installs Malicious Browser Extension

A new scam titled "naked VIDE0" is spreading rapidly on Facebook. Many users who tried to view the supposed naked video of a friend ended up with malware on their systems.



Once clicked, the link redirects the user to a malicious page designed to look like a YouTube page. When visited with Chrome it shows the message "Adobe Flash Player crashed" and prompts the user to update Flash Player; when visited with Firefox it asks the user to install a plugin. In Chrome the page downloads an executable named FlashPlayerv26.2.1.exe, whereas in Firefox the payload is installed directly as a browser plugin.


The screenshot below shows the JavaScript used to identify the visitor's browser; depending on that information, it redirects the user to the matching malicious page.
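The branching logic described above, reconstructed as an added example (this is not the scam's own script, which is only shown in the screenshot): a user-agent sniffer that picks the Chrome or Firefox lure. The lure text, the two payload kinds and the dropper file name come from the post; the function names, the regular expressions and the sample user-agent strings are my own.

```javascript
// Added example, not the scam's actual code: reconstructs the browser-sniffing
// branch the post describes. In the real page the input would be
// navigator.userAgent.

// Order matters: a Chrome UA also contains "Safari", and an Edge/Opera UA
// also contains "Chrome", so the more specific tokens are tested first.
function classifyBrowser(ua) {
  if (/Firefox\/\d+/.test(ua)) return 'firefox';
  if (/Edg\/|OPR\//.test(ua)) return 'other';
  if (/Chrome\/\d+/.test(ua)) return 'chrome';
  return 'other';
}

// What the lure page does per browser, according to the post:
//   Chrome  -> "Adobe Flash Player crashed" message and an .exe download
//   Firefox -> prompt to install a browser plugin (the extension itself)
//   other   -> the post does not describe a branch; treated as no payload here
function pickLure(ua) {
  switch (classifyBrowser(ua)) {
    case 'chrome':
      return { message: 'Adobe Flash Player crashed', payload: 'executable', file: 'FlashPlayerv26.2.1.exe' };
    case 'firefox':
      return { message: 'Install the plugin', payload: 'browser-plugin', file: null };
    default:
      return { message: null, payload: 'none', file: null };
  }
}

// Constructed sample UA strings (not taken from the post) for a dry run.
const SAMPLE_UAS = {
  chrome33: 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/33.0.1750.154 Safari/537.36',
  firefox28: 'Mozilla/5.0 (Windows NT 6.1; rv:28.0) Gecko/20100101 Firefox/28.0',
  safari7: 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_2) AppleWebKit/537.74.9 (KHTML, like Gecko) Version/7.0.2 Safari/537.74.9',
};

for (const [label, ua] of Object.entries(SAMPLE_UAS)) {
  console.log(label, '->', classifyBrowser(ua), pickLure(ua));
}
```

The practical consequence for an analyst is that a single fetch of the lure page captures only one branch: request it once with a Chrome user-agent and once with a Firefox user-agent to obtain both the executable dropper and the plugin variant.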


Once the executable is run, it installs the "YoutubePremium 14.99" extension in Chrome and kills the running Chrome process, forcing the user to reopen the browser, at which point the extension starts.


Once installed, the extension monitors all of the user's browsing activity. It also takes the user's Facebook profile picture and uses it to post the scam message on their wall, with the text built as the user's name + "naked" + "video". Friends who see the photo click the malicious link and get their own systems infected. The screenshot below shows the scripts used to tag the victim's friends in the scam post.




In Chrome the extension prevents the user from uninstalling it: whenever the user tries to view the installed extensions, it redirects them to the Chrome Web Store instead. Since that redirect is performed by the extension itself, it only works while the extension is loaded; with the browser closed, the extension's files in the profile directory can still be inspected and removed.

The latest variant of this scam spreads with the title "xxx hot sexy girl strip tease teen ass".


2 comments:

  1. How to remove it in Chrome: before you start, close all Facebook tabs in Chrome and then close Chrome itself

    1. Go to C:\Users\\AppData\Local\Google\Chrome\User Data\Default\Extensions
    2. Delete the contents of the folder (note that any extensions you have will be lost)
    3. Open Chrome -> open a new tab and type "chrome://downloads/"
    4. Probably one of your last downloads is a file named "FlashPlayerv32.exe" or something similar to that. Remove all files with names like that.
    5. Make a new system search for "FlashPlayerv" and delete all files found
    6. Finally, delete all related posts from your activity log

    To really make sure you got rid of this scam, open your Chrome Settings -> click Extensions; if the scam is present it will automatically redirect you to the Chrome app store, if not you will see your local extensions
