It happened to me twice today. I had a Facebook chat like this with someone I know from real life:

hi
Wanna laugh? :)

at which point I received a tinyurl address, leading to a malware delivery site. My reaction was:

ops! that was a virus, good thing i dodged it
There are no viruses there

A bit later, another person I know from real life:

hi

Pre-emptively, I tried to check whether there was a real person in front of me:

how are you?

It continued:

ok. wanna laugh? :)

But again I received a tinyurl-encoded address, to which I didn't reply further.
Seeing this primitive dialogue, I suspect there is malware with some chat bot embedded, or a low-wage worker in the third world.
Anyway, the malware addresses will lead you to a fake personalized YouTube page like this, trying to make you run an .exe:
See the problems:
- the numeric URL is the first thing to give it away as malware; unfortunately some browsers, like Chrome, will hide the URL bar by default, leaving the user more vulnerable (Firefox is expected to blindly copy this feature too, making even more naive users vulnerable);
- the target has knowledge of my real name, making me more inclined to trust the source;
- the "video" is a link to an .exe file, something able to trick unsuspecting Windows users;
- the first couple of comments are from real Facebook contacts, making you even less suspicious;
- the status bar shows the download as being an .exe; Firefox removed the status bar altogether before FF4 and restored it after the users' outcry, which shows it was a wise decision.
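
The URL-level giveaways from the list above (shortened link, numeric host, `.exe` target) can be checked mechanically before a link is opened. This is an added example, not part of the original post; the shortener list, the extension list and the sample URLs are assumptions constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit, unquote

# Assumed lists for this sketch; extend them for real use.
SHORTENERS = {"tinyurl.com", "bit.ly", "t.co", "goo.gl"}
EXECUTABLE_EXTS = (".exe", ".scr", ".pif", ".bat", ".msi")


def host_is_numeric(host):
    """True for IP literals, including the bare-integer and hex forms browsers accept."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        pass
    parts = host.split(".")
    if not 1 <= len(parts) <= 4:
        return False
    for part in parts:
        if not (part.isascii() and part.isalnum()):
            return False
        try:
            int(part, 16 if part.lower().startswith("0x") else 10)
        except ValueError:
            return False
    return True


def link_warnings(url):
    """Return the warning signs found in a link, in a fixed order."""
    parts = urlsplit(url if "://" in url else "http://" + url)
    host = (parts.hostname or "").rstrip(".")
    bare = host[4:] if host.startswith("www.") else host
    path = unquote(parts.path).lower()  # decode tricks such as video.ex%65
    warnings = []
    if bare in SHORTENERS:
        warnings.append("shortened")  # real destination is hidden
    if host_is_numeric(host):
        warnings.append("numeric-host")
    if path.endswith(EXECUTABLE_EXTS):
        warnings.append("executable-download")
    return warnings


if __name__ == "__main__":
    # Constructed samples; 203.0.113.7 is a documentation-only address.
    for sample in ("http://tinyurl.com/abc123",
                   "http://203.0.113.7/youtube/video.exe",
                   "http://3405803783/watch.exe",
                   "https://www.youtube.com/watch?v=xyz"):
        print(sample, link_warnings(sample))
```

A shortened link only earns the "shortened" warning here; the other two checks have to be run again on the address it expands to.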
What can I say? This is a pretty sophisticated attack, combining AI (bots), social engineering, competently crafted design and advanced use of Facebook APIs. Be careful!
PS: of course nothing bad happened to me, I spotted the URL instantly, noticed the .exe and don't run Windows anyway.