Since a few days I noticed a malicious post circling on facebook. It’s about : Just 14 years Old drunk girl did this infront of all Public

I had to delete the posts a few times from Indra Cybercafé group myself. Worst I saw was a few even complaining that facebook is going nuts and posting crap on their behalf. Come on guys … it’s not facebook. You clicked on the link first. You gave a rogue application access to your facebook account … and then you complain. It isn’t fair.

The link that you click will sometimes redirect you to an external website such as : http://dayaansaw.com/girl.php

The page displays a video player that tempts you to click on. If you click the “play” button you’re prompted with a message : “To play the video, please share it again.”

If you do … It’ll ask you for access to post on your behalf.

Still if you gave access, you must be knowing the rest. To disable the app and prevent it from dirtying your and your friends’ walls, go to your facebook settings page and click on Apps.

Under “Apps you use” clean up the mess.

On other occasions the external link with the video player prompts you to download something instead. If you’re cautious enough you will notice it isn’t a video player but an image which is linked to something else. To identify this you can view the page source and search for the video details. If the code looks like the one below it’s no video that is going to play:

<a href="#" onClick="randomlink()"><img src="horse_files/njjza.jpg" border="0" height="145" width="500"></a>
<div style="float:left;width:100px;margin-top:10px;margin-left:7px;"><a href="#" onClick="playtheMovie();"><img src="horse_files/zVmro.jpg" border="0" height="46" width="72"></a></div>

In this version of the malware attack you will be prompted with the following message:

“The VMware remote Console Plug-in is not installed or could not be found. Please install the VMware Remote Console Plug-in to access this virtual machine’s console.”

The message is a fake one of course. If you continue it’ll prompt you to download and install an application called console.exe. Some folks at onlinethreatalerts.com scanned the file and found the following threats:

File name: console.exe Detection ratio: 2 / 47 Analysis date: 2013-05-30 00:09:19 UTC
—————————————–
PUP.Adware.Agent WS.Reputation.1 —————————————–

If you have already installed this software or you believe your PC is infected with the same, download a free version of Malwarebytes to scan your PC.

Source: http://www.onlinethreatalerts.com/article/2013/5/29/malicious-post-wtf-just-14-years-old-drunk-girl-did-this-infront-of-all-public