What I have seen this week is the existence of new Koobface variants (20+ now)
and it appears that Facebook doesn't block these yet,
they managed to block the first wave, see
http://linuxbox.org/pipermail/funsec/2008-August/018006.html
But they are working on it:
http://www.redherring.com/Home/24756
Juha-Matti
Adriel Desautels [EMAIL PROTECTED] kirjoitti:
Interesting,
Do you or anyone else know more about the account theft that has been
going on with FaceBook. I ask because my kid sister was using it for a
while and she kept on asking why her password was changed. Shortly there
after her friends had the same issue and they had random wall posts
going up. Ideas? I'm just curious.
Regards,
Adriel T. Desautels
Chief Technology Officer
Netragard, LLC.
Office : 617-934-0269
Mobile : 617-633-3821
http://www.linkedin.com/pub/1/118/a45
Join the Netragard, LLC. Linked In Group:
http://www.linkedin.com/e/gis/48683/0B98E1705142
---------------------------------------------------------------
Netragard, LLC - http://www.netragard.com - "We make IT Safe"
Penetration Testing, Vulnerability Assessments, Website Security
Netragard Whitepaper Downloads:
-------------------------------
Choosing the right provider : http://tinyurl.com/2ahk3j
Three Things you must know : http://tinyurl.com/26pjsn
Steven Adair wrote:
> It seems Imageshack with malicious or at least abusive Flash files is getting
more popular. We saw a similar attack, yet far less malicious, on Facebook last
week. User's walls were spammed with a messae about someone having a crush on
them with a link to an Imageshack flash file. The file then did a full redirect
to a dating website. The bad guys are both simply just using them as a jumping
point and in some cases playing off of their [somewhat] trusted name.
>
> Steven
>
> On Thu, 28 Aug 2008 09:18:12 -0400, "Discini, Sonny" <[EMAIL PROTECTED]> wrote:
>> Here is another XP/Vista download link:
>>
>> ht tp://img 182.imageshack.us/img182/7145/47024671do7 .swf
>>
>> --
>> Steve
>>
>>
>>
>> I had a bunch of that come through in 3 separate waves yesterday.
>>
>> The malware download pointed to:
>> Hxxp://89.187.49.18/install.exe
>>
>> Note that the payload is known to Sophos so I'm assuming that most of
>> the other big players also pick it up. Nothing new.
>>
>> Sonny
>>
>> Sonny Discini, Senior Network Security Engineer
>> Office of the CIO
>> Department of Technology Services
>> Montgomery County Government
>>
>>
>>
>> -----Original Message-----
>> From: [EMAIL PROTECTED]
>> [mailto:[EMAIL PROTECTED] On Behalf Of Steve Pirk
>> Sent: Thursday, August 28, 2008 7:13 AM
>> To: [EMAIL PROTECTED]
>> Cc: Botnets
>> Subject: Re: [phishing] XP update phish/malware
>>
>>
>> Equal bytes for women.
>>
>> On Wed, 27 Aug 2008, Steve Pirk wrote:
>>
>>> Here are some links related to a XP update phish/malware download.
>>>
>>> Image or payload?
>>> ht tp://img 504.imageshack.us/img504/6262/23031231ob0 .swf
>>>
>>> That was the only link in the email.
>>> --
>>> Steve
>>> Equal bytes for women.
_______________________________________________
botnets@, the public's dumping ground for maliciousness
All list and server information are public and available to law enforcement
upon request.
http://www.whitestar.linuxbox.org/mailman/listinfo/botnets
