WARNING: Phishing Scheme Targets Facebook Employing Malicious Tumblr Pages


   Today Baidu Antivirus received a couple of reports of pretty convincing Facebook spam that redirects users to malware and a Facebook phishing site.
   The initial bait is a message that you may receive from one of your Facebook friends whose account was compromised. The message claims that “my uncles home is burning” or “my mom's car went up in flames”, and also contains a link to Tumblr that shows a crime that was committed against the friend or a close relative of the friend. The message below shows an example, but the exact message varies. The link claims to be housed on Tumblr.


   Once the user clicks on the link to the Tumblr page, they are immediately redirected to a very plausible Facebook phishing page, asking the user to log in.
   Due to the size of the URL, and the fact that the host name starts with "", it is hard for the victim to realize that this is not a valid Facebook page.
   The fake Facebook page will ask the user for a username and password as well as for a "Security question".
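
   A hostname check that is not fooled by a familiar-looking prefix, shown as an added example that is not part of the original advisory. The trusted domain, the function names and all sample URLs are assumptions constructed for illustration (the lookalike hosts use reserved example domains).

```python
from urllib.parse import urlsplit

# Assumption: only facebook.com and its subdomains count as genuine.
TRUSTED_DOMAIN = "facebook.com"
BRAND = "facebook"


def classify_login_url(url: str) -> str:
    """Return 'genuine', 'lookalike', 'unrelated' or 'invalid' for a URL."""
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").rstrip(".").lower()
    except ValueError:
        return "invalid"
    if not host:
        return "invalid"
    # Ownership is decided by the RIGHT-hand end of the host name, so the
    # host must equal the trusted domain or end with ".<trusted domain>".
    if host == TRUSTED_DOMAIN or host.endswith("." + TRUSTED_DOMAIN):
        return "genuine"
    # The brand appears somewhere in the authority (a left-hand label, part
    # of another name, or the userinfo before '@') but the domain is not ours.
    if BRAND in parts.netloc.lower():
        return "lookalike"
    return "unrelated"


def lookalikes(urls):
    """Return the URLs that imitate the trusted brand without belonging to it."""
    return [u for u in urls if classify_login_url(u) == "lookalike"]


# Constructed sample links, e.g. extracted from reported messages.
SAMPLE_URLS = [
    "https://www.facebook.com/login.php",
    "https://WWW.FACEBOOK.COM./",
    "http://www.facebook.com.login.example.net/index.php?session=1",
    "https://www.facebook.com@login.example.net/",
    "https://notfacebook.example.org/",
    "https://example.org/video",
]

if __name__ == "__main__":
    for url in SAMPLE_URLS:
        print(f"{classify_login_url(url):10} {url}")
```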

   Finally, the user is sent to a YouTube look-alike page asking them to download and install an updated "Youtube Player". The player appears to be a generic downloader, which Baidu Antivirus detects.

   Baidu Antivirus users can prevent this type of Facebook phishing campaign from infecting their computers by simply enabling real-time protection. It is recommended that other users download the latest version of Baidu Antivirus and enable the real-time protection feature.