Saturday, June 18, 2011

comment spam using CAPTCHAs to trick users

Looks like we get a new variant of Like-Jacking based on involuntary comments by tricking the user to enter a CAPTCHA

When you click on a friends link to a "funny" youtube video, the next page asks for a Youtube Security Verification

Comment2-clean

This page is acutally a facebook comment page for the spam page that asks you to enter "ha haha" into the comment fields, you can enter anything of course, but most people will try to match the CAPTCHA text.

 

Comment1_pixel

The resulting comment entry in your own stream looks like this, due to the fact that Facebook sorts posts by relevant users and by time by default means that you will not even notice that you posted a comment unless you change to sort by date.

The following page is made up to look like youtube however it is a page created by the spammer to place a few ads and open popups, the video is started by clicking onto the broken "youtube" video.

 

 

No comments: