06/01/2011 10:00 am ET | Updated Aug 01, 2011

Facebook Malware Attack: Fake Strauss-Kahn Video Infects Mac And PC Users (UPDATE)

*Scroll down for updates.

Facebook users should be aware of a new attack that infects both Mac and PC users with malware.

This new attack, which lures users with an outrageous headline and graphic photo, shows up on the News Feed in the form of a video link that a friend has Liked.

Sophos has reproduced the text that accompanies the malicious link:

oh s**t, one more really freaky video O_O
IMF boss Dominique Strauss-Kahn Exclusive Rape Video - Black lady under attack!
IMF chief Dominique Strauss-Kahn rape scandal. Mother of Alleged Rape Victim: Dominique Strauss-Kahn Did Not Want To Be President of France - ABC News

The post refers to the ongoing scandal surrounding former International Monetary Fund leader Dominique Strauss-Kahn, who faces charges for the alleged sexual assault of a hotel maid.

Clicking the link will redirect users to a Lithuanian server that dishes out malware to Mac and PC users alike, according to F-Secure.

The site infects PCs with a trojan, while the Mac variant of this malware apparently resembles the fake anti-virus download Mac Defender. Although Apple issued a security update (2011-003) to remove Mac Defender and its ilk from infected Macs, ZDNET notes that the update doesn't stop users from downloading malicious files.

The attack has been spreading since at least Tuesday, and a search of OpenBook reveals that it was still affecting users on Wednesday morning. "This could be due to the fact the attack is utilizing Facebook 'Likes' rather than posting links to user's Walls which can be more easily filtered by Facebook's security team," F-Secure suggests.



UPDATE 1: The malware scam appears to have morphed, according to The Register.

The trojan scam may be masquerading as a new Facebook post with a link to a supposedly explicit video, this one claiming to feature Rihanna and Hayden Panettiere.

Sophos has posted the new text:

one more stolen home porn video ;) Rihanna and Hayden Panettiere
Hot Lesbian Video - Rihanna And Hayden Panettiere!!
Rihanna And Hayden Panettiere !!! Private Lesbian HOT Sex Tape stolen from home archive of Rihanna!



UPDATE 2: By Thursday morning, Facebook appears to have at least slowed the spread of several iterations of this malware attack.

A search of OpenBook reveals that neither of the above attacks had been posted in several hours.

F-Secure writes that Facebook has removed many of the posts that spread the attack earlier this week.

"Contrary to our earlier post, rather than using the 'Like' feature, we now think the malware was spreading by posting directly to Facebook accounts," F-Secure also wrote. "The posted link used the Like feature's icon rather than icons used by Links or Videos."

[hat tip, S.N.]