A good summary has been released at
http://www.insidefacebook.com/2008/08/26/update-facebook-security-fighting-koobface-worm-chain-letters/
[switched to new message title now, handling FB worm etc.]
Juha-Matti
Gadi Evron [EMAIL PROTECTED] kirjoitti:
> Interesting,
> Do you or anyone else know more about the account theft that has been
> going on with FaceBook. I ask because my kid sister was using it for a
> while and she kept on asking why her password was changed. Shortly there
> after her friends had the same issue and they had random wall posts
> going up. Ideas? I'm just curious.
Malware spreading via walls and messages. Click on it and you get your
credentials stolen and spam your friends.
Facebook.*
>
> Regards,
> Adriel T. Desautels
> Chief Technology Officer
> Netragard, LLC.
> Office : 617-934-0269
> Mobile : 617-633-3821
> http://www.linkedin.com/pub/1/118/a45
>
> Join the Netragard, LLC. Linked In Group:
> http://www.linkedin.com/e/gis/48683/0B98E1705142
>
> ---------------------------------------------------------------
> Netragard, LLC - http://www.netragard.com - "We make IT Safe"
> Penetration Testing, Vulnerability Assessments, Website Security
>
> Netragard Whitepaper Downloads:
> -------------------------------
> Choosing the right provider : http://tinyurl.com/2ahk3j
> Three Things you must know : http://tinyurl.com/26pjsn
>
>
> Steven Adair wrote:
>> It seems Imageshack with malicious or at least abusive Flash files is
getting more popular. We saw a similar attack, yet far less malicious, on Facebook
last week. User's walls were spammed with a messae about someone having a crush on
them with a link to an Imageshack flash file. The file then did a full redirect to a
dating website. The bad guys are both simply just using them as a jumping point and
in some cases playing off of their [somewhat] trusted name.
>>
>> Steven
>>
>> On Thu, 28 Aug 2008 09:18:12 -0400, "Discini, Sonny" <[EMAIL PROTECTED]>
wrote:
>>> Here is another XP/Vista download link:
>>>
>>> ht tp://img 182.imageshack.us/img182/7145/47024671do7 .swf
>>>
>>> --
>>> Steve
>>>
>>>
>>>
>>> I had a bunch of that come through in 3 separate waves yesterday.
>>>
>>> The malware download pointed to:
>>> Hxxp://89.187.49.18/install.exe
>>>
>>> Note that the payload is known to Sophos so I'm assuming that most of
>>> the other big players also pick it up. Nothing new.
>>>
>>> Sonny
>>>
>>> Sonny Discini, Senior Network Security Engineer
>>> Office of the CIO
>>> Department of Technology Services
>>> Montgomery County Government
>>>
>>>
>>>
>>> -----Original Message-----
>>> From: [EMAIL PROTECTED]
>>> [mailto:[EMAIL PROTECTED] On Behalf Of Steve Pirk
>>> Sent: Thursday, August 28, 2008 7:13 AM
>>> To: [EMAIL PROTECTED]
>>> Cc: Botnets
>>> Subject: Re: [phishing] XP update phish/malware
>>>
>>>
>>> Equal bytes for women.
>>>
>>> On Wed, 27 Aug 2008, Steve Pirk wrote:
>>>
>>>> Here are some links related to a XP update phish/malware download.
>>>>
>>>> Image or payload?
>>>> ht tp://img 504.imageshack.us/img504/6262/23031231ob0 .swf
>>>>
>>>> That was the only link in the email.
>>>> --
>>>> Steve
>>>> Equal bytes for women.
_______________________________________________
botnets@, the public's dumping ground for maliciousness
All list and server information are public and available to law enforcement
upon request.
http://www.whitestar.linuxbox.org/mailman/listinfo/botnets