Facebook Shuts Down Fake Profiles Designed to Spread Malware

The social networking world continues to be attacked by hackers but Facebook has taken some action to shut down malicious fake profiles that were setup by cybercrooks for the purpose of spreading malware. Social networks such as Facebook are known to be playgrounds for online attackers and scammers allowing them to spread their malicious software.

AVG Technologies, a security company that provides antivirus applications, has revealed cases where users of one of their services, have detected several Facebook profiles that were virtually identical with the exception of the name. These duplicate profiles each included a link to a video that was discovered to display fake warnings when clicked upon. Basically, after clicking on the link shown in Figure 1 below, a computer user is prompted with a fake system scan warning them of computer infections as demonstrated in Figure 2.

Figure 1. A malicious fake Facebook profile that includes what appears to be a video link. The link redirects users to a fake system scan popup.
[image source: AVG]

Figure 2. A fake system scan popup window after clicking a link on a malicious Facebook profile. The scan will later offer the purchase of a rogue security application as a solution. [image source: AVG]

This type of scam is rather old but continues to be effective for spreading malicious security software allowing attackers to extort money from naive computer users.

Facebook has taken action to shut down these duplicate malicious profiles, but the question that you may ask is; how did these hackers create duplicate profiles on Facebook? It is rather obvious that the hackers were able to bypass Facebook's Captcha. Captcha is usually in the form of a set of hard-to-read letters and numbers in an image format to ensure a human is entering information on a website instead of an automated bot. When a new account on Facebook is created, the computer user is required to enter the Captcha code. Some security researchers believe that the hackers are using an advanced method to automate the whole process and slip by the Captcha system that could have a flaw in it.

Major websites, including Facebook, have blacklisted the malicious link included in the duplicate profiles. Facebook already blocked the malicious URL from being shared on the site while they worked on identifying and shutting down the fake duplicate profiles. Facebook's spokesperson, Simon Axten, currently disagrees that the Captcha system is broken on Facebook but rather the attackers were able to commence a manual process to setup several duplicate profiles. The Captcha system used by Facebook may not be broken after-all as it is a well-trusted system called ReCaptcha which was recently acquired by Google.

The epidemic of social networks used as an outlet to spread malware is an ever-growing problem. Computer users are suggested to use caution when accepting friend requests or clicking on links within Facebook and other social networks regardless of how safe you may think it is.