We’ve been monitoring a new Facebook scam that is spreading via Facebook Chat messages. This particular scam usually begins with a chat message from a friend like the one below:
Once a user clicks on the link, they are redirected via the site used in this campaign (hxxp://millium.co.cc) to a Facebook Application installation window.
This scam is spreading so quickly because the rogue application asks for access to Facebook Chat. Once the application is installed, it begins spamming your Facebook friends and family members with the same message seen above.
After the application is installed, the user is redirected back to the site above and presented with the following image:
Your attention needs to be diverted long enough to allow the message to spread to your friends and family. Clicking on the photograph takes you to a Graphic Design blog entry that contains 45 Strange and Funny Photoshop Manipulations – none of which feature a photograph of you.
This scam is spreading rapidly: over 88,000 clicks per hour, and currently over 500,000 clicks today.
At this point, we do not know what the end game is for the scammers here. The destination site results in no malicious infection and does not lead to a survey scam. Having access to a user’s Facebook Chat could allow the scam application to be used to send out other messages.
If you or anyone you know has been tricked into installing this application, you can start by removing the application from your Facebook profile. Visit the Privacy Settings page and click on ‘Edit Your Settings’ under Apps and Websites.
Once you’ve located the application (named ‘millium’) in the ‘Apps You Use’ section, click on ‘Edit Settings’ in order to remove the application.
Removing the application is one thing. We encourage all users, both those who have been tricked into installing this application and those who haven’t, to reach out to family and friends on Facebook and inform them that this scam is spreading. Knowing is half the battle.