
Spiders, oh my!

Well, I thought it was just my ‘friends’ on Facebook that were clicking the spider link, so I just left them to their own devices (I’ve warned them a million times about this sort of stuff and they choose to ignore the warnings).  I’ve seen a bunch more people click that link though, so I figured I’d put up a blog post about it.

The spider link on Facebook isn’t going to show you any videos of *disgusting* stuff.  You’re not going to see baby spiders coming out of someone’s bellybutton.  Why the hell would you want to see that anyway!?  😀  If you or any of your Facebook friends have clicked on the bogus link, chances are your system is infected.  In case you don’t know what the link looks like, here it is:

[Image: Fake Facebook Spider Post]

While we’re on the subject, you might want to *avoid* the Free iPad Facebook posts, along with the naked chicks.

If you want to click on these types of links, let us know.  We can configure your system so that you’re protected once you click links like this and realize they are completely fake and do nothing but invite viruses onto your system.

[Warning] Virus via Fake Justin Bieber Facebook Post

The Biebs.  The Biebs.  We all love her.  This latest social engineering attack comes by way of Justin Bieber and a “video that ends his career for good.”  I guess these sorts of links are irresistible too.  It’s the guys clicking this one!  😀

[Image: Fake Justin Bieber Post]

We’re *all* adults, so I’m not going to blur out the middle finger.  😀  Ok, so I have to give *them* some credit on this one.  In Facebook posts, they always show the domain name – e.g. in this case, linkedin.com.  If you hover your cursor above the link though, it reveals the following:

[Image: Linkedin Redirect URL]

The LinkedIn domain name is completely legitimate!  There’s actually a *flaw* of sorts in LinkedIn’s code (what’s known as an open redirect).  The redirect?url= variable accepts any URL, as long as it begins with www.  So I’m able to enter http://www.linkedin.com/redirect?url=www.thecomputerpeeps.com and it will take you to our website.

Someone noticed this and realized, “hey, Facebook only shows the domain name.”  They take you off to their site and launch a screenshot of a Justin Bieber video, re-post to your Facebook wall and write a virus to your hard disk…

[Image: Fake Justin Bieber Video]

Well, since LinkedIn is a legit site, Facebook is going to let it slide.  Yikes!  So really, this issue begins with LinkedIn’s system.
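
An added example (not from the original post, and not LinkedIn's code): the "begins with www." rule described above modelled as weak_check, next to an allowlist check a redirect endpoint could apply instead. The function names, the allowlist and the sample targets are assumptions constructed for illustration.

```python
from typing import Optional
from urllib.parse import urlsplit

# Assumption: the only host this endpoint should ever redirect to.
ALLOWED_HOSTS = {"www.linkedin.com"}


def weak_check(target: str) -> bool:
    """Model of the rule described in the post: anything starting with 'www.' passes."""
    return target.lower().startswith("www.")


def resolve_target(target: str) -> Optional[str]:
    """Return a normalised https URL if the target's host is allowlisted, else None."""
    # Backslashes and whitespace are normalised differently by browsers; refuse them.
    if any(c in target for c in "\\\r\n\t "):
        return None
    # The endpoint takes scheme-less values such as 'www.example.com/page'.
    candidate = target if "://" in target else "https://" + target
    try:
        parts = urlsplit(candidate)
    except ValueError:
        return None
    if parts.scheme not in ("http", "https"):
        return None
    # .hostname excludes userinfo and port, so the comparison is on the real host.
    host = (parts.hostname or "").rstrip(".").lower()
    if host not in ALLOWED_HOSTS:
        return None
    query = "?" + parts.query if parts.query else ""
    return f"https://{host}{parts.path or '/'}{query}"


# Constructed sample targets; the first is the one used in the post.
SAMPLES = [
    "www.thecomputerpeeps.com",
    "www.linkedin.com.example.net/video",
    "www.linkedin.com/in/someone",
]


def audit(samples):
    """Return (target, weak verdict, hardened result) for each sample."""
    return [(s, weak_check(s), resolve_target(s)) for s in samples]


if __name__ == "__main__":
    for target, weak, hardened in audit(SAMPLES):
        print(f"{target!r}: weak={weak} hardened={hardened}")
```

All three samples pass the prefix rule, but only the last one survives the host comparison, which is the difference between matching on text and matching on the parsed hostname.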

When you see this post, mark it as SPAM…

[Image: Report scam Facebook posts as SPAM]

Not even a week from our Social Media Frenzy workshop in Dallas and we see a new, smarter malware post.  I was discussing this with Kate Holmes, and a good way to explain this is to equate it to the flu shot.  Without people poking around and finding all of these flaws, systems would remain insecure and vulnerable to attack.

If you or anyone you know clicked on that link out there in the Facebook Feed, your system is infected (if it didn’t pop-up a quarantine notification right away).  You know the drill -> http://mycp.biz/thecomputerpeeps_eset.

Don’t forget to read our other posts that show other types of Facebook social engineering attacks.
