Sophos: HIPPO-VOMITING Anaconda Targets Facebook users in survey scam
August 2010 by Sophos
IT security and data protection firm Sophos has produced a video warning computer users about a new survey scam that is spreading virally across Facebook. The attack involves a rogue application that automatically posts status updates and wall posts on affected user profiles with the following message:
"OMG, this is the biggest and scariest snake I have ever seen, check out this video [LINK REMOVED]"
The link takes users to a rogue Facebook application which tricks them into granting permission for the app to access their profile, list of friends and to be allowed to re-post the offending message as a status update and wall post. Once a user has granted access to the application, they are then directed to complete online surveys with the promise that only then can they see a video entitled "Anaconda Coughs Up An Entire Hippo!"
"This is one of the most bizarre scams we have ever seen on Facebook, but its purpose remains familiar - the rogue application sends spam to draw Facebook users into taking these surveys," said Graham Cluley, senior technology consultant at Sophos. "Each time a victim completes a survey, the scammers make some commission. Even if you don’t take the survey, the rogue application has already abused your Facebook account - changing your status message and spreading an advert for the alleged ’shocking video’ to your news feed, spreading the scam even further."
Sophos demonstrates in the video - which journalists are free to embed - how Facebook users can delete entries related to the offending application, and how to remove the application itself.