Hippo-vomiting anaconda targets Facebook users in survey scam, Sophos warns

August 10, 2010 Sophos Press Release

IT security and data protection firm Sophos has produced a video warning computer users about a new survey scam that is spreading virally across Facebook. The attack involves a rogue application that automatically posts status updates and wall posts on affected user profiles with the following message:

"OMG, this is the biggest and scariest snake I have ever seen, check out this video [LINK REMOVED]"

(Enjoy this video? You can check out more on the SophosLabs YouTube channel and subscribe if you like)

The link takes users to a rogue Facebook application which tricks them into granting permission for the app to access their profile, list of friends and to be allowed to re-post the offending message as a status update and wall post. Once a user has granted access to the application, they are then directed to complete online surveys with the promise that only then can they see a video entitled "Anaconda Coughs Up An Entire Hippo!"

"This is one of the most bizarre scams we have ever seen on Facebook, but its purpose remains familiar - the rogue application sends spam to draw Facebook users into taking these surveys," said Graham Cluley, senior technology consultant at Sophos. "Each time a victim completes a survey, the scammers make some commission. Even if you don't take the survey, the rogue application has already abused your Facebook account - changing your status message and spreading an advert for the alleged 'shocking video' to your news feed, spreading the scam even further."

Further information about the scam can be found on Graham Cluley's blog

Sophos's Facebook group, which warns of emerging threats on Facebook, can be found at www.facebook.com/pages/Sophos/28552295016