Warning : Emma Watson scam worm spreading widely on Facebook
Hackers have now leveraged the popularity of Harry Potter's star Emma Watson in a Facebook scam that offering Sex tape of popular Hollywood movie star Emma Watson with a malicious link, actually spreading the malicious links and Porn images on infected user's profiles.
This isn't the first time Emma Watson has been used as the bait in a scam and it surely won't be the last. The worm hitting Facebook Profiles and Groups with post of malicious porn link and tagging others too in same post.
Hackers are abusing Google Translate and Short url services to keep their links unblocked by Facebook's automated malware scanner. Click that link will redirect user to a webpage asking for "Age Verification" , as shown below:
Website will ask user to follow some step, before offering the video. In Step one asking them to Click a link, that will be used in Step two and three for generating an activation code. Once user will click "Activate", he will be redirect to another page and his Facebook Profile will get logout automatically.
In meantime, the virus will spread on victim's profile and automatically will post same Emma Watson scam post on their wall, tagging 12-15 friends on the comments. This new post will them offer same video and steps to others.
The people who are running this scam are earning huge money from advertising networks. I tried to find out the people behind this scam, following are some evidences:
1.) Open the source code of the scam page, asking for "Age Verification", In hidden form parameters a Google Adsense publisher ID is mentioned i.e "pub-0820544532937748". Google Adsense offer web admins to earn money by placing advertisements on their websites. That means, culprit behind the scam is using Google adsense on all his website with given Publisher ID.
2.) There are many online tools available,that offer you to search all the websites using same Google Adsense Publisher ID i.e http://www.solinet.org/adsense/pub-0820544532937748/.
3.) All above listed websites are owned by our suspected Cyber Criminal, who is offering fake Emma Watson video and spreading malware to earn money from advertisements.
4.) I open all above sites and found that 5 out of them are Displaying Google Ads on them with same Publisher ID. Then I check the domain registration details and found that majority of domains are owned by an Italian guy name - "Walter Coraccio" i.e http://who.is/whois/sportlive.it
5.) Further i tried to check out the source code of these sites and found two interesting meta tags
6.) These meta tags are actually used to defined the site's owner and Facebook Page. In this case, website owner is http://facebook.com/100001246114887 OR https://www.facebook.com/dev.banzai , name : Dev Banzai , an Italian web developer with few post and two friends in his profile, who are also web developers.
No idea that these developer are really behind this huge Facebook scam worm or not ? But You should never click on a link that appears on your Facebook page with some malicious content, either its from someone you know.
