Surge in Facebook Malware


We received reports from our colleagues in Hong Kong yesterday about more malware being distributed on Facebook.


If you're a Facebook user, you may get a message like this, supposedly from a 'friend'. Since the message was sent by a 'friend', the likelihood that you would click on the link is much higher. On clicking the link, you would be redirected to a site that looks something like the one below.


Not surprisingly, the website will tell you that you need to 'update your Adobe Flash Player' by downloading a file. Of course, no matter how many times you try, you don't get to see the video. You do get infected though.


When we investigated this yesterday, the links were down and obtaining a sample for analysis was not possible at that point in time. Thanks to Lordian, however, who tried again after being woken up by his neighbors late last night, we succeeded in obtaining a sample, which is detected as *Net-Worm.Win32.Koobface.bp*.

Incidentally, if you are using any platform other than Windows, you just get redirected to the real YouTube.

It looks like Facebook is increasingly becoming a popular target. Just read the Facebook Public Discussion Board and you will find many such discussions going on there. We also noticed that there is a Facebook Phish that is still alive at and registered in China.

Another team effort by the Response Team - Lordian, Jojo & Fei

On 15/10/08 At 02:59 AM
