Facebook Scam Promising Naked Videos Infects Millions

An example bogus YouTube page, with nary a naked friend to be found. Credit: Bitdefender

Who doesn't want to see naked videos of his or her Facebook friends? That's the premise of a new malware-distribution scam that has infected 2 million people, according to Romanian anti-malware company Bitdefender.

The scam, which spreads a piece of malware called Trojan.FakeFlash.A, first appears as an advertisement on Facebook pages with a title such as "[Friend's name]'s private video" or "[friend's name]'s naked video." You'll also see a picture of that friend, drawn from your friend's Facebook photos, in the ad.

Clicking on the link leads you to a fake YouTube page so realistic that it even has an age gate, which claims the video's content is restricted due to YouTube's community guidelines. The age gate is easy to bypass, but once you get to the actual video, the page will claim Adobe Flash Player has crashed and you need to install an update.

Needless to say, you shouldn't install that fake Flash Player update. But it may be too late, because the malicious YouTube page will attempt to infect your browser with a drive-by download as soon as you land on it.

The downloaded Trojan installs itself as a browser extension, accesses your own Facebook photos and then repeats the infection process by promising your Facebook friends more naked videos -- this time, of you.

Good anti-virus software will block the drive-by download, but you might still be tricked into clicking the "Update Flash Player" button on the fraudulent YouTube player, which also triggers the infection.

This naughty Trojan has appeared in the wild only recently, but it's already hit several countries, including the United States, says Bitdefender.

Attacks based on fraudulent Flash Player installers have been around for years. This one is spreading particularly rapidly, thanks to its ability to install itself in multiple ways.

If you don't want this scam to catch you with your pants down, install robust anti-virus software that protects your browser from drive-by downloads. And never, ever click on a broken video clip that offers an Adobe Flash Player update. Instead, go straight to the Adobe site at http://get.adobe.com/flashplayer/.

Email jscharr@techmedianetwork.com or follow her @JillScharr and Google+.  Follow us @TomsGuide, on Facebook and on Google+.

  • das_stig
    If you're stupid enough to click on a link offering these on Facebook, I have no sympathy for what infects your PC and deserve everything you get!
  • mgilbert
    Oops... that you have a life...
  • agentbb007
    LOL have to give credit to the hackers on this one that is a good one. And I have no sympathy for the pervs clicking on this link :)