- Number 1 with PC news -
 

News

Aurelija
7
Vote
0

Spammers Attack on Facebook… Again?!

Contributed by: Aurelija
Date: 2008-11-10

facebook-customized-img.jpgWell, it seems that Facebook is going to be one of the most targeted websites these days. Cyber-criminals are constantly choosing this social networking site as the enticement to trick their potential victims. This time security experts at Websense Security Labs inform everybody about the Koobface social networking worm being spread on Facebook.

This threat comes with an email purportedly sent from Facebook. The email reveals that infected user accounts are being used to post messages to Facebook friends lists. The user is prompted to watch the video of him or her. This link uses a Facebook open redirector.

Below you can see a screenshot of a sample email:

facebook_spam_email_pub.png

As soon as the recipient clicks on the provided link, he or she will be redirected multiple times. Finally, the victim is navigated to the website masquerading as YouTube that serves a malicious Trojan downloader.

Here you can see a screenshot of this malicious website that is serving the Trojan downloader:

FacebookWormEndingPagePub.png

How does the whole system work? The Facebook link directs to a malicious account hosted at Geocities.com. The malicious Geocities account includes an obfuscated JavaScript link to http://lost[REMOVED]/js/js.js, which goes to http://off3[REMOVED]/go/fb.php. Then, the .php file next redirects to either http://youtube-spyvi[REMOVED]/?schk=&keat= or http://youtube-x[REMOVED]/?ch=&ea=. These sites serve the malicious "flash_update.exe" (SHA1: 62689f89f1c5f6df10f4c7096772468d4c8e458a) file.

According to anti-virus software company Symantec, the Trojan works by executing a worm called W32.Koobface.A that searches for cookies on the user's machine. If the worm finds the appropriate Facebook cookie, it modifies the users account settings and profile - adding links to malicious sites to trick others into installing the invader. Installing the fake upgrade allows the worm to work its magic and access files on the victim's machine while destroying their Facebook account.

http://www.pc1news.com/downloads/registry-medic-960.html

User Comments

Name:
Email:
Website:
Comment:
Please type 5-digit security code below:
Captcha image for spam protection

Latest Comments

2009-01-04 09:38:26
I need to change reg value for a local user ......... Plz help more..
2009-01-03 15:53:35
I removed all autorun.inf files from my system, found no otorun files or folders but still the virus... more..
2009-01-02 13:45:14
Larry, Wow! I can't believe it. We will look into this on Monday. Have a good weekend... more..
2009-01-02 10:25:30
The author obviously has no understanding of how memory is managed in a virtual memory system. To improve... more..
2008-12-31 07:59:11
please how to desiable local group policies in gp more..
more comments..
rss
Home > E-mail > Spammers Attack on Facebook… Again?!