Friday, April 29, 2011

Bieberwow.info is a spam/scam

This is an alert blog post. If you encounter any link containing bieberwow.info please don't click it. It is a scam/spam. Details are below.

Site of activity: Facebook.

Mode of Action: Likejacking (making you 'like' a page without your direct consent).

Description: Posts a fake video in the news feed of the victim with the caption 'OMG - I can't believe Justin Bieber did this to a girl'. If you are a friend of the victim, it will appear in your feed too. Anyone who clicks to view this video is redirected to a fake 'Security check' page, which is designed as a Facebook lookalike for likejacking.
The security check asks you to add up 2 and 3 and enter the result in an answer box. If you click on the answer box while logged in to Facebook, congrats, you are clickjacked. A new news feed item will be posted on Facebook on your behalf with the same fake video and fake links.
So far there is no news of any private information being stolen by this spam.
Here is a screenshot of the page at bieberwow.info:

You can see that the buttons look just like the ones on Facebook.
What to do if you are likejacked: Just remove the post from your news feed. This way you will be rendered non-contagious.

Prevention: The spam can work only if you click the fake page while logged in to Facebook. If you have already logged out, you are safe. Do not click any link that shows bieberwow.info in the target. Also, turning off JavaScript might help. Sorry that I am not a techie to say the last one for sure.

History: This is the rebirth of a previous clickjacking attempt using Justin Bieber's name. The first attempt was titled 'I can't believe a girl did this to Justin Bieber'. It affected about 20000 Facebook users before being contained by Facebook staff. I am not sure about the involvement of the bieberwow.info site in the previous attack. But I think the redirect was to a different site.