'Shocking' Facebook Video Ends Up Owning Your Computer
If one of your Facebook friends sent you a "shocking" YouTube video about yourself, would you watch it?
Sounds fishy, you say? Facebook has plenty of scams, after all.
Well, what if the video on the YouTube page had your name in the title, and other friends of yours had already seen the "shocking performance" and posted comments laughing at you? Comments like "The new TV star!" and "One word for it TERRIBLE!"
You'd probably try to watch that.
If so, then you'd have fallen for one of the most ingenious scams to appear in months. And it might be just the beginning of a saga that could end with cybercriminals completely taking over "owning," in hacker jargon your computer.
The scheme fakes YouTube, fakes your friends, fakes your anti-virus software and even fakes your own name. It then uninstalls your anti-virus software, rewrites your Registry (the main set of working instructions for a Windows machine) and drags your PC into a peer-to-peer malware network.
The Romanian security firm BitDefender was the first to notice the scam, which incorporates a Trojan dubbed "Trojan.FakeAV.LVT."
The scheme starts out by getting your name and those of your friends from a very convenient place: your Facebook page. (We've already seen how information posted on Facebook helps even the most amateurish cybercriminals. ) And if you're a regular Facebook user, you might already be pretty gullible, as a new study has just found .
Flash ahh ahh!
A posting on BitDefender's Malware City blog details the next step, which appears when you press "play": on the YouTube video.
Surprise! Instead of seeing the video, you get an advisory: "You need to upgrade your Adobe Flash Player."
Longtime readers of SecurityNewsDaily know that whenever they see a Flash upgrade advisory, they should NOT try to upgrade directly from the webpage involved. Instead, they should open a new window or tab and manually type in this address: http://get.adobe.com/flashplayer/.
But you don't have time for that. You want to see what's got your friends laughing at you and you want Flash Player to work. So you click the link that reads "Download it from Adobe now."
That's when the real trouble starts. You're actually downloading the aforemention Trojan, so categorized because it's something bad pretending to be something good.
The Trojan creates a hidden directory on your computer, then rewrites the Registry so that it can get through whatever firewall and/or anti-virus software you have installed. (You DO have anti-virus software , don't you?) It disables Microsoft's Automatic Updates as well.
A full bag of tricks
The malware then does something very clever. It's got a whole repository of templates and pop-up windows corresponding to the major brands of anti-virus software. It checks to see which one you're running and then pretends to be it, right down to your preferred language.
As for your real anti-virus software, it's been selected for removal. In order to complete that process, you need to reboot your machine which the malware, pretending to be the real anti-virus application that's about to be removed, urges you to do, twice, to complete a security update.
Two reboots later, and a friendly pop-up window tells you the update's been completed and that tech support staff will be happy to answer your questions if you just send them your cellphone number. (Remember, they've already got your name, and those of your friends, too, so giving them your number would send them even further on their way to stealing your identity.)
Now that your machine has no anti-virus software and a deactivated firewall and is no longer receiving Microsoft security updates, it's time for the malware controllers to go to work.
Your machine will begin downloading dozens of files tailored to its operating system Windows XP, Windows Vista or Windows 7.
It will begin communicating with other PCs hijacked by the same malware. It will probably starting sending out spam, joining a botnet or pumping out more fake YouTube videos to snare more victims.
And you probably won't feel a thing.