Hackers used the Christmas holiday as a social engineering lure. A facebook profile claims that it offers free Christmas Theme . The page leads to a malware that come in the form of browser plugin.
When user click the Like button, it redirects them to a URL which allows victims to download and install a malicious plugin named Free Cheesecake Factory Coupons.
The plugin floods the victim's wall with spam :
"Get Christmas Theme for FB on – – >>0< < – – free Christmas Theme for all FB users!!. Just Install this amazing new fb Christmas new look and change your profile looks show it to your friends…… [Name of tagged friends]"
TrendMicro detect it as TROJ_REDIR.CU.
![](https://pinterest.com/pin/create/bookmarklet/?media=https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEheuCEFb3Ck5or9qFlBhgrqoDOSTlypzcfdCSSxXyYA7fLu0KZT4VgnvVjTgXFSlYnguw9KSeYzgkFwX6RP7UbxFE8jfkMcAABVyY4fnyQ7Ld1Hbu56taiVB3Bq59_YOZ_aarFlc5o9ygI/s1600/Facebook+spam+malware+report.jpg&url=https://www.cysecurity.news/2011/12/christmas-theme-for-free-limited-time.html?m=1&description="Christmas Theme for free ! Limited Time" Facebook spam leads to Malware){kind=link}