We’ve been monitoring a new Facebook scam that is spreading via Facebook Chat messages. This particular scam usually begins with a chat message from a friend like the one below:
Example of the Facebook Chat message
Once a user clicks on the link, they are redirected via the site used in this campaign (hxxp://millium.co.cc) to a Facebook Application installation window.
Facebook App asks for access to Facebook Chat
The reason this is spreading so quickly is because the Rogue application is asking for access to Facebook Chat. Once the application is installed, it begins spamming your Facebook friends/family members with the same message seen above.
After the application is installed, the user is redirected back to the site above and presented with the following image:
Click on the picture to see yourself in a sexy photoshop!
Your attention needs to be diverted long enough to allow the message to spread to your friends and family. Clicking on the photograph takes you to a Graphic Design blog entry that contains 45 Strange and Funny Photoshop Manipulations – none of which feature a photograph of you.
This scam is spreading rapidly. Over 88,000 clicks per hour, currently sitting at over 500,000 clicks today.
88,888 Clicks Per Hour
Over 500,000 Clicks Today
At this point, we do not know what the end game is for the scammers here. The destination site results in no malicious infection and does not lead to a survey scam. Having access to a users’ Facebook Chat could allow the scam application to be used to send out other messages.
If you or anyone you know have been tricked into installing this application, you can start by removing the application from your Facebook profile. Visit the Privacy Settings page and click on ‘Edit Your Settings’ under Apps and Websites.
Find the Rogue Application under the Apps and Websites section
Once you’ve located the application (named ‘millium’) in the ‘Apps You Use’ section, click on ‘Edit Settings’ in order to remove the application.
Remove 'millium' Rogue Facebook Application
Removing the application is one thing. We encourage users, those who have been tricked into installing this application and those who haven’t to reach out to family and friends on Facebook and inform them that this scam is spreading. Knowing is half the battle.
[...] Clicking on Facebook links is dangerous business. At least a few of aren’t aware of this sad fact; otherwise, the latest scam Facebook app wouldn’t be spreading at the alarming rate of almost 90,000 clicks per hour. [...]