Peaches Posted July 6, 2010 Report Share Posted July 6, 2010 Jul4KOOBFACE Spreading via Facebook DMs Again The infamous KOOBFACE botnet is sending direct messages (DMs) on Facebook. If this sounds familiar… it should be, as this tactic was previously discussed here in the Malware Blog back in March. The hook is somewhat similar to a ZBOT attack also spotted in March. That attack claimed that someone posted pictures of the user; this one uses a video instead. The text and link in the message are: Someobdy uplaod a vdieo wtih you on utbue. you shuold see. http://www.facebook.com/l/ae2d7CYBUtLFPs-LAKPMtRXKpBA;www.{BLOCKED}rotherz.ca./19mai/” As is frequently the case in these kinds of attack, the English used in the message is comically bad. The URL, however, is somewhat disguised—the first domain name the user sees belongs to Facebook. This is because the link does legitimately go to Facebook first. Any URL with the format http://www.facebook.com/l/{random character};{redirected URL} brings up the Facebook preview page for external links. Apparently, cybercriminals are betting that users will ignore the warnings and proceed to their site anyway. If users do go on to visit the malicious site, this is what they see: More detail & screenshots - http://blog.trendmicro.com/ Quote Link to post Share on other sites
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.