Blackhole Rears its Ugly Head: Facebook and LinkedIn the Tip of the Iceberg

It’s no secret that as quickly as we make ways to stop the madness, the spammers are finding ways to pump up the volume. The spam landscape is becoming more dangerous than ever, if that’s even possible, and it seems that the spammers have decided to put their knives and pistols away in favour of anti-ballistic missiles and nukes. Now, if that all seems like hyperbole to you, you’re absolutely right. But exaggeration doesn’t necessarily not make it so, good grammar be damned.

We’ve been reporting for a while now the new sightings of dangerous new spam campaigns, most notably the faux Facebook message that leads you to believe that a friend has tagged you in a photo, and a phony LinkedIn email that tries to suck you into clicking a link to find out why some dude you’ve never heard of is trying to connect with you.

In both instances, the messages are quite convincing. They’re clean and devoid of the obvious stuff that normally tips us off that the messages are from some clown with the language skills of a bearded dragon. They’re personalized, both in the subject line and the body of the message, giving you a name that’s randomized so you rarely get the same message twice. They even give you a little personal information about the fake sender. One recent message comes to mind, where an Anne Johnson, Store Manager at Jos. A. Bank Clothiers, was the ‘sender’. All this, of course, is meant to throw you off your game just long enough so that the itchy little index finger you’ve been clicking with all day falls prey to the centuries-old argument: “shucks, one more click’s not going to hurt nothin’.”

Very devious indeed. But getting you to believe the message is just part of the fun that the scam artists have planned for you. It’s the clicking part they’re really interested in, and a new report tells us just what’s in store for users who’ve been lulled into a false sense of security by promises of making new contacts and cleaning up in the office pool to see who can friend the most people.

It turns out, is reporting, that a new security report has identified Blackhole as the lurking monster waiting to pounce if you’re unfortunate enough to have been lulled by that friend request. The links, apparently, are legitimate, but the sites have been compromised and polluted with hidden iframes and redirects that affect pretty much any operating system, from “Android to Windows,” the security expert writes, so we can assume that Apple and Linux fit in there, alphabetically. A number of other legitimate firms, like American Airlines, BBC, and Verizon are mentioned as candidates for the spoofed messages, all of them very convincing and similar to what you might expect from the real company.

Interestingly enough, while the tactics and delivery method are similar, the malware payload differs. The report finds that in some instances the infected links will turn your PC into a zombie, while in others, the game is purely for information theft. We might infer from that that while the campaigns are similar, the senders are very different.

That Blackhole is involved in this dastardly campaign isn’t really surprising. We know that the thing has been around for awhile in different variants, with version 2.0 being made available to wannabe hackers late last year. What this news does do for us is remind us that we’re not in Kansas anymore, Toto. If the old playing field was dangerous, the new playing field is littered with razor blades and shards of broken glass, and we’re being sent in to play in bare feet.

If your bones aren’t chilled to ice yet, they should be. What makes this so very dangerous is the seeming innocence and validity of these emails, making even the most educated users click without thinking twice. We’ve seen others, too, most notably, messages about failed package deliveries and one regarding a failed money transfer – both of which aren’t very good and seem to have been crafted by that bearded dragon we were talking about.

In fact, since the first article on the Facebook and LinkedIn scams, we’ve noticed a couple of new campaigns, these ones preying on a very real human emotion: loneliness. Dating services which – saints be praised! – have found local matches for you. Odd, since you can’t remember signing up for a dating service, but hey, if it came from the Internet, it must be for real, right?

Written by Malcolm James


  1. Maria Ortiz · April 23, 2013

    Facebook and LinkedIn scams are the scariest because these are services almost everybody uses and they do tend to send lots of legit emails, while with BBC, or even banks and airlines the percentage of people who use them regularly is lower. These scams might redefine the way we make friends on Facebook!

  2. Caroline · April 25, 2013

    Lately, I’ve noticed that a number of posts in my news feeds are from people whom I don’t know. To make matters worse (or perhaps interesting), it seems they’re commenting or adding themselves to suspicious websites. I’m not sure if this is part of the so-called threat to Facebook. Well, I think it is. I initially reported them as spam, but they just kept on coming back that somehow I got tired.

  3. Dominic · April 26, 2013

    I had received those kinds of messages too, Caroline, and I just completely ignore them. If I am not sure if these are really legitimate or safe links, I ask my friend about it, if not I read my friend’s comments about the link. You’d know if the comments are real or not.

    Back to the topic, what bothers me is the “tip of the iceberg” thing. In other words, something worse or bigger is going to happen.

  4. Christine · April 28, 2013

    Yes, Dominic, we should brace ourselves to something even more sinister in the coming months or even weeks (or worse days). If you have been checking out some of the blog posts here, you’ll realize that spam has become even more dangerous as they’re not only annoying, but they’re also planting malware, viruses, and botnets, to name a few, into our systems.

  5. Carl · April 30, 2013

    Ergo, don’t open any mail or even believe on any claims if you’re not sure it has something to do with you in the first place. Take the last few sentences as an example. This also means you should be mindful of what you really do online. I know some people sign up nonchalantly to services.

  6. Antonio · April 30, 2013

    This is the reason why I do not click links posted on my news feed that easily. Especially the ones that come from unknown sources. I often find posts from pages or people that I do not subscribe to. These are all suspicious, so I avoid them and hide or delete them from my news feed or timeline. Since spammers have become extra daring and creative, we should all do the same in protecting our accounts. If we don’t exercise caution in the things we do online – especially on Facebook and LinkedIn – we’ll all become easy prey for spammers.

Leave A Reply