A Facebook phishing attack is on the loose this weekend. The attack attempts to steal your Facebook login credentials, install malware on your computer, and even get your home address.
The attack is spread via a “hilarious video” posted to Facebook walls, via a report on WebSense, when the wall post is clicked, a form appears requesting your Facebook login.
The attack then returns you to the Facebook site, and will installs an app called “Media Player HD”, and asks you to download the “FLV player”. This download of the FLV player is actually the malware installing on your machine. That’s not the end of the attack. Depending on your location, you may also be presented with a contest to win an iPad, and if you fill the information requested then they have your address.
To avoid getting caught, simply remove the video if you see it on your Facebook wall. If you see it on a friends website let them know they might have been a victim of malware. If you already fell for the attack or a friend has follow these steps.
- change your Facebook password
- uninstall the Facebook app (often called “Media Player HD”)
- run a virus/malware scan on your computer.
The video below, courtesy of Websense, explains the attack.