Facebook has been plagued by spam! Keith spoke about “Bad News for AdSense users” spam which targets webmasters just yesterday, and we have a new “See what you’ll look in the future” spam plaguing Facebook today. The new spam is virally spreading across Facebook by automatically sharing itself to your friends and family without your consent.
You might come across the spam as a picture of an old man with a link “See what you’ll look in the future!” from your friends on Facebook. Something like this:
Have you noticed the number of people who have shared it on their walls? That’s how the spam spreads.
When you click on the link, it will redirect you to their Facebook fan page with an iframe on it. Yes, Facebook now encourages the use of iframes to design fan pages, which allows you to add any code, malicious or not, hosted on remote servers, into your fan page.
To innocent users, it looks like a regular fan page with a “Show Me” button. When you click this button, the fan page asks you to press Ctrl+C, Alt+D, Ctrl+V and Enter. In reality, pressing Ctrl+C copies a piece of code to your clipboard, Alt+D highlights your address bar, Ctrl+V pastes that code into the address bar, and Enter executes the script.
The script will then advertise itself to all your friends and family without your consent. Please be careful, and do not fall for it. This is the code which the fan page will ask you to paste into your address bar:
As you can see, it appends code from another domain, charge1.in.
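The paste step only works because the address bar runs a pasted `javascript:` URL in the context of the open Facebook page. As an added example (not code from the original post, from Facebook or from any browser), this sketch shows a paste filter that strips that scheme before the text reaches the address bar and lists the remote hosts the script named; the function names and sample strings are constructed for illustration.

```javascript
// Added example: filter for text pasted into an address bar.
// SAMPLES are constructed for this example; example.invalid is a placeholder host.
const SAMPLES = [
  "https://www.facebook.com/",
  " \u0001JavaScript:s.src='//cdn.example.invalid/a.js'",
  "java\tscript:javascript:void(0)",
];

// URL parsers that follow the WHATWG URL Standard drop tabs and newlines and
// ignore leading control characters and spaces, so do the same before checking.
function normalize(text) {
  return text.replace(/[\t\n\r]/g, "").replace(/^[\u0000-\u0020]+/, "");
}

// Remove every leading "javascript:" (case-insensitive); stripping only once
// would leave "javascript:javascript:..." executable.
function stripScriptScheme(text) {
  const scheme = /^javascript:/i;
  let rest = normalize(text);
  let stripped = 0;
  while (scheme.test(rest)) {
    rest = normalize(rest.replace(scheme, ""));
    stripped += 1;
  }
  return { rest, stripped };
}

// Report what was pasted: whether a script scheme was removed, the text that
// is left for the address bar, and any remote hosts the script named.
function inspectPaste(text) {
  const { rest, stripped } = stripScriptScheme(text);
  const hosts = new Set();
  if (stripped > 0) {
    const hostRe = /(?:https?:)?\/\/([a-z0-9.-]+\.[a-z]{2,})/gi;
    for (const m of rest.matchAll(hostRe)) hosts.add(m[1].toLowerCase());
  }
  return { blocked: stripped > 0, safeText: rest, remoteHosts: [...hosts] };
}

for (const s of SAMPLES) console.log(inspectPaste(s));
```

The remote host list is what an analyst would log or block, since the pasted snippet is only a loader for code served from that domain.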