It is old news by now that cybercriminals are spamming Facebook and other social media with “shocking news” spam posts. But so far most were generic, centered around global disasters such as the recent Japan earthquake or various “gossip news” about celebrities. Now we’ve also spotted “Irish-themed shocking news” scams appearing.
Either generic “news” or actually credible, with believeable locations or names, all these Facebook spam posts are still scams. They usually lead to clickjacking sites, propagate the spam message to walls of victims’ friends or infect the victims’ computers with malware, pretending to be required software for viewing the “shocking video”.
This particular scam is a variation of “Rollercoaster accident in California” scam, and to watch the video the user must agree to give the application developer full access to their basic information and the right to post to their wall. Allowing them this access gives the scammers permission to spam their message on the user’s wall for all his/her friends to see. This is how the scam spreads. One should never give untrusted third party applications this much access to their personal profile.
After allowing this, the scam further asks the user to complete a survey (and the cybercriminal is receives money for each survey completed), and then willingly or unwillingly the user gets to download some software, which usually contains malware. If the survey asked for a mobile number, the user’s mobile could also be charged for some bogus service.
Irish Facebook users are therefore warned not to click on suspicious posts by their friends, as this is the only way to prevent the spread of the scams. While Antivirus software may prevent malware infection on their computers, it cannot prevent further spread of Facebook scams and further infections of their friends.
Fake/Rogue E-Set Antivirus 2011 malware
ESET has received reports of a fake/rogue security software program disguised with a false ESET Antivirus image with the name “E-Set Antivirus 2011”. ESET usually detects this rogue as variants of Win32/Kryptik or Win32/RogueAV.
There are several variants of this malware, but the most recent sample displays the following window:
ESET Ireland 
One thought on “CyberThreats Daily: Irish themed Facebook scams reported”