Facebook friend spam / Koobface

CWSandbox
For a few days now, a new round of malicious friend messages has been going around on Facebook. The messages all look similar; an example is:
"Oh noooooo
hxxp://www.facebook.com/l.php?u=hxxp://geocities.com%2Fmaxmonroe79%2Findex.htm..."

To reply to this message, follow the link below:
http://www.facebook.com/n/?inbox/readmessage.php&t=10085171....

Once a victim clicks on the link, he also needs to confirm the redirect on the Facebook site. Afterwards, the attackers use social engineering to trick the victim into installing the malware sample named flash_update.exe. I have also uploaded a movie to illustrate the infection process and to test the new media options I added to this blog: http://honeyblog.org/pages/20081204-koobface.html

Fortinet has some more information on a related incident: http://www.fortiguardcenter.com/advisory/FGA-2008-26.html
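
As an added example (not code from the original post), the following Python code shows how a message filter could pull the real destination out of Facebook `l.php` redirector links like the one quoted above and flag those that leave facebook.com. The function names and the `INTERNAL_SUFFIXES` list are assumptions made for illustration; the sample message is the one quoted in this post.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Hosts treated as Facebook-internal (assumption for this example).
INTERNAL_SUFFIXES = ("facebook.com",)

# Matches both live (http/https) and defanged (hxxp/hxxps) URLs.
URL_RE = re.compile(r"h(?:tt|xx)ps?://[^\s\"'<>]+", re.IGNORECASE)

# Sample input: the message text quoted in the post (still defanged and truncated).
SAMPLE = (
    "Oh noooooo\n"
    "hxxp://www.facebook.com/l.php?u=hxxp://geocities.com%2Fmaxmonroe79%2Findex.htm...\n"
    "To reply to this message, follow the link below:\n"
    "http://www.facebook.com/n/?inbox/readmessage.php&t=10085171....\n"
)

def refang(url):
    """Turn a defanged hxxp:// URL back into a parseable http:// URL."""
    return re.sub(r"^hxxp", "http", url, flags=re.IGNORECASE)

def is_internal(host):
    """True only for facebook.com itself or a real subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in INTERNAL_SUFFIXES)

def redirect_targets(message):
    """Return (redirector_url, target_host) for each l.php link that leaves the site."""
    findings = []
    for raw in URL_RE.findall(message):
        try:
            parts = urlsplit(refang(raw))
            if not is_internal(parts.hostname) or parts.path != "/l.php":
                continue
            # parse_qs percent-decodes the u= parameter, which holds the destination.
            for target in parse_qs(parts.query).get("u", []):
                host = urlsplit(refang(target)).hostname
                if host and not is_internal(host):
                    findings.append((raw, host.lower()))
        except ValueError:
            continue  # malformed URL; skip it rather than abort the scan
    return findings

if __name__ == "__main__":
    for link, host in redirect_targets(SAMPLE):
        print("off-site redirect to", host, "via", link)
```
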


Comments


  1. facebook app development says:

    There have been so many random people adding me on Facebook lately. A few days later they attempt to have me contact them on an e-mail address which is clearly intended to SPAM me or infect my computer with a virus. What adjustments has Facebook made in their E-mail to detect Spammers targeting their users?

  2. SEO Chicago says:

    Is this going to affect the way that the Facebook "like" application functions? I receive SPAM e-mail on Facebook daily telling me to check out a website. I really hope they clean this up so my online experience goes smoother than it currently does on my computer.

  3. Wholesale Air Jordan says:

    Excellent post. Keep it up!

  4. Air Jordan 7 says:

    555sql Only when you seize today can you not lose tomorrow.

