Facebook friend spam / Koobface

Thursday, December 4. 2008
CWSandbox
For the past few days, a new round of malicious friend messages has been going around on Facebook. The messages all look similar; an example is:
"Oh noooooo
hxxp://www.facebook.com/l.php?u=hxxp://geocities.com%2Fmaxmonroe79%2Findex.htm..."

To reply to this message, follow the link below:
http://www.facebook.com/n/?inbox/readmessage.php&t=10085171....

Once a victim clicks on the link, he also needs to confirm the redirect on the Facebook site. Afterwards, the attackers use social engineering to trick the victim into installing the malware sample named flash_update.exe. I have also uploaded a movie to illustrate the infection process and to test the new media options I added to this blog: http://honeyblog.org/pages/20081204-koobface.html

Fortinet has some more information on a related incident: http://www.fortiguardcenter.com/advisory/FGA-2008-26.html
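
For triaging reported messages like the one quoted above, the following added example (not part of the original post) pulls the real destination out of Facebook `l.php?u=` redirect links and lists the ones that leave Facebook. The function names are hypothetical, and the sample input is the message text from this post, kept defanged.

```python
import re
from urllib.parse import urlsplit, parse_qs

# http(s) plus the defanged hxxp(s) form used in the post.
URL_RE = re.compile(r'\b(?:https?|hxxps?)://[^\s"<>]+', re.IGNORECASE)

def refang(url):
    """Turn hxxp:// back into http:// so the URL parser accepts it."""
    return re.sub(r'^hxxp', 'http', url, flags=re.IGNORECASE)

def is_facebook(host):
    host = (host or '').lower()
    return host == 'facebook.com' or host.endswith('.facebook.com')

def unwrap_lphp(url):
    """Return the destination carried in a facebook.com/l.php?u=... link, else None."""
    try:
        parts = urlsplit(refang(url))
    except ValueError:
        return None
    if not is_facebook(parts.hostname) or parts.path != '/l.php':
        return None
    targets = parse_qs(parts.query).get('u')   # parse_qs also percent-decodes
    return refang(targets[0]) if targets else None

def offsite_links(text):
    """List (destination, host, truncated) for every l.php link leaving Facebook."""
    found = []
    for match in URL_RE.finditer(text):
        dest = unwrap_lphp(match.group(0))
        if dest is None:
            continue
        try:
            host = (urlsplit(dest).hostname or '').lower()
        except ValueError:
            host = ''
        if not is_facebook(host):
            # A trailing "..." means the preview cut the URL short.
            found.append((dest, host, dest.endswith('...')))
    return found

# The message text quoted in the post, kept defanged.
SAMPLE = '''"Oh noooooo
hxxp://www.facebook.com/l.php?u=hxxp://geocities.com%2Fmaxmonroe79%2Findex.htm..."
To reply to this message, follow the link below:
http://www.facebook.com/n/?inbox/readmessage.php&t=10085171....'''

if __name__ == '__main__':
    for dest, host, truncated in offsite_links(SAMPLE):
        print(host, dest, '(truncated)' if truncated else '')
```

The reply link in the notification is not reported because it is not an `l.php` redirect; only the wrapped external destination is.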