More Self-XSS Scams Targeting Facebook Accounts

Social networks continue to be one of the resources that cyber criminal use to promote their attacks. Self-XSS is a new way used by hackers to compromise accounts on Facebook. the attack consist of malicious JavaScript or client-side that will be executed by the web browser and this will provide attacker access to victim account for fraud, spam and promoting further the attack by posting on timeline to friend list.

Attacker claiming on this case that they will provide a way to hack any Facebook user by following some simple steps but they are actually looking to run a Self XSS attack by urging user into pasting or injecting malicious code into their web browsers. the code will sign out the victim and ask the user to login one more time and here attacker will receive username and password for victim.

The posted scam looks as follows:

Hack any Facebook account following these steps:

1. Go to the victim’s profile
2. Click right click then click on inspect element and click the “Console” tab.
3. Paste the code into the box at the bottom and press Enter.

The code is in the web site: http://textuploader .com****/

Good luck: *

Don’t hurt anybody…

Self-XSS

To avoid Self-XSS social scam make sure to never copy past suspicious links from unknown sources to your browser, you can also report the post using the small triangle tab in the upper right hand side of each post, and then selecting “Report/Mark as spam” from the drop-down menu. If you want to check the URL try to use a virtual environment with sandbox that you can find over this poste: http://www.sectechno.com/2010/10/03/playing-around-malwares/

Share
You can leave a response, or trackback from your own site.