Recently, lots of Facebook users have been deluded into clicking on “Activate Dislike Button”.
Taking advantage of users’ desire for Facebook’s Dislike button, several spam messages about the activation of the Dislike button have appeared to take control of users’ Facebook accounts for spreading spam messages.
Spam message about “Activate Dislike Button”
If users click on “Activate Dislike Button”, their browsers will be redirected to http://lnktrn.ch/dislike, a fake Facebook’s page where users are requested to copy a code before executing it on their browsers to enable the “Dislike” button.
Immitating Facebook’s instruction
The code to spread spam
Once the code is activated, the users’ Facebook accounts will be used to propagate similar spam messages.
Massive spam messages are sent from the victims’ accounts
Then users will be required to verify their accounts, another fake request, to enable the Dislike button.
Request to verify fake account
Once “Continue” button is clicked, users’ browsers will be redirected to http://lnktrn.ch/dislike/dislikebutton.php, a page that looks like an account verification page of Facebook. After analyzing the page, we saw that it executes a flash code. However, due to certain errors, the flash could not display its content. The flash may serve as a notice to trick users into entering their username and password to log into their Facebook accounts.
The content of http://lnktrn.ch/dislike/dislikebutton.php
To ensure the security of your account, you are advised to be cautious with similar messages, and only expect new function notices from Facebook’s official website.
Tran Minh Quang