NewsA new harmless but very annoying worm is crawling in meadows of Facebook. The malware does nothing but keeps posting a message on the users` walls. The worm, discovered by F-Secure, does nothing more malicious than posts a message on an infected user's Facebook wall that point to a site called fbhole.com. Nevertheless, the speed of its spread on the social networking site has started to worry net security analysts. The message that the worm posts reads: "try not to laugh xD http://www.fbhole. com/omg/allow.php?s=a&r=[random number]". It seems that already thousands of users walls are displaying this message .
Figure 1. Sample Infected Users If a user follows the link, his browser will be redirected to a page, showing a fake error message. If someone clicks anywhere on the page, he will run a script that will try to post the same message to his Facebook wall.
Figure 2. Site With The Invisible Iframe This is done with an invisible iframe that follows your mouse around, causing users to click on an invisible "publish" button. Fortunately, except the wall message post, nothing else happens.
Figure 3. Iframe Code F-Secure followed the research on the Web sites, serving the malicious script. The domain fbhole.com was registered only a few days ago and points to an IP address in Czech Republic shared also by another site ironbrain.net. Both sites are down at this moment. |
User Comments