Fake 'Activity You May Have Missed' Facebook Alert Leads to Destructive Blackhole Malware Exploitation

Facebook, with over 1 billion users actively living out a real-life Matrix, is undoubtedly a popular launching platform for new and emerging malware threats. With hackers knowing how irresistible it is to taste the social network rainbow of Facebook, they have made the network one of their exclusive hunting grounds for vulnerable victims in the latest round of fake Facebook alerts leading to treacherous Blackhole malware.

Of the most recent malware attacks on Facebook, researchers have identified a fake alert message making its rounds on Facebook claiming "here's some activity you may have missed on Facebook" as shown in figure 1 below. The message itself is harmless until someone clicks on its "Go To Facebook" or "See All Notifications" buttons, thus landing users on a web page hosting the infamous Blackhole exploit kit.

Figure 1. Fake Facebook "Activity You May Have Missed" message leading to malware

The Blackhole exploit kit, attacking a popularized Java vulnerability that we have become familiar with in the past couple of weeks, may be used to spread malicious computer infections. The most recent case was one that lead to the spread of popular ransomware threats, such as Reveton and Urausy. The exploitation resulting from clicking on a new fake Facebook alert serves up a not-so-friendly Adobe Reader and Acrobat malware cocktail.

There is an old saying that you can only lead a horse to the water, but you cannot make it drink. Well, in the can't-live-without-it Facebook world, you can virtually shove something down someone's throat and purposely make them ingest it all with a few simple clicks of a button. Facebook is just that enticing to some, which is why propagated fake Facebook alerts wielded by hackers are so prevalent.

Researchers have found where victims of the fake Facebook alert message Adobe Reader and Acrobat Blackhole exploitation face an information-stealing Trojan horse. The particular Trojan was initially going undetected by a majority of Antivirus applications. Just recently, about half of antivirus products utilized by VirusTotal were detecting this new vulnerability.

Unsolicited messages on Facebook are mostly difficult to detect. Because hackers and cybercrooks are releasing advanced spamming campaigns on Facebook spreading undetected malware, it may be in ones best interest to avoid flirting with the decision to click on a questionable alert or notification. All of Facebook isn't bad, but it is not all good either. We are always confident in saying we have yet to see the end or any type of slowdown in the spread of malware or spam campaigns on Facebook. No matter how enticing a message or alert on Facebook may be, utilize caution or avoid clicking on the message altogether.