A new fake video malware attack is circulating under the guise of a Facebook messages.
According to security firm Websense, the attack spreads via emails posing as personal messages on Facebook and utilises the familiar "fake codec" infection method.
The attack begins when the user is sent an email signed as a Facebook message with such headlines as 'dancing girl drunk in the pub' and 'super beautiful girl dancing.' The email then offers a link which appears to be from the popular social networking site.
Upon clicking the link, users are redirected to a third-party site designed to look like Facebook. The page loads what appears to be a video of a woman dancing within the Facebook page and then attempts to download an executable file under the name "Adobe_Player11."
The executable then infects the user with a malicious file that is believed to allow an attacker remote access to the infected machine.
The use of Facebook as an attack vector has become increasingly popular amongst malware writers and distributers in recent months. Most recently, a rogue application known as "error check system" spread over the site.
So-called 'fake codec' attacks are also a popular form of infecting users. Attack sites will often use sensational or pornographic movie files as a lure for malware infections disguised as video codecs.
