Hi All,

According to PandaLabs:


We’ve detected an increase in the number of domains containing the word
facebook and which belong to malicious websites. What is clear is that
cybercrooks are aware of the success of the social networks, especially
Facebook, and consider them an entry point to distribute malware or to
obtain credentials.

Among them there are the following:


In most of the cases, when you access any of these URLs, a similar interface
to real Facebook is displayed, in order to obtain your access data. Then, you
are redirected to the real site not to raise suspicion.

The following image is an example of the fake Facebook site. It may be
easily identified not only because the page of the address bar doesn’t
belong to the real Facebook but also because part of the text and the images
are different:

This image belongs to the fake website:

[image: Fakebook.jpg] *Fake Facebook site*


As you can see, the web address does not belong to the original one:

[image: Fakebook_address.jpg] *Fake web address*


This image belongs to the real website:

[image: Fakebook_real.jpg] *Real Facebook*


However, the purpose is not always to obtain users’ credentials, as from
some of these websites malware is downloaded using the drive-by download
technique, in which the file is automatically run without the user’s
intervention.

We’ve seen that one of the samples that is being distributed through these
websites is W32/Lolbot.C.worm.

Surely Facebook’s imitators will continue to appear, so when you access this
or any other social network, don’t do it through links received via email,
it’s better to type it directly in the address bar of the browser.

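An added example, not part of the original post or of PandaLabs' write-up: one way to check whether a URL or hostname (for instance from mail-gateway or proxy logs) really belongs to Facebook or only contains the word. The allowlist, the function names and the sample URLs are assumptions made for this illustration.

```python
from urllib.parse import urlsplit

BRAND = "facebook"                 # word the lookalike domains embed
LEGIT_DOMAINS = {"facebook.com"}   # assumption: the only domain treated as genuine


def split_host(url_or_host):
    """Return (hostname, netloc) for a URL or a bare hostname."""
    text = url_or_host.strip()
    if "://" not in text:
        text = "//" + text         # lets urlsplit parse a bare hostname
    parts = urlsplit(text)
    host = (parts.hostname or "").rstrip(".")   # .hostname drops userinfo and port
    return host, parts.netloc.lower()


def is_legit(host):
    # Compare on a label boundary, so a name that merely ends in the
    # characters "facebook.com" is not accepted as a subdomain of it.
    return any(host == d or host.endswith("." + d) for d in LEGIT_DOMAINS)


def classify(url_or_host):
    host, netloc = split_host(url_or_host)
    if not host:
        return "invalid"
    if is_legit(host):
        return "legitimate"
    # Brand word in the hostname, or in userinfo placed before an "@".
    if BRAND in netloc:
        return "lookalike"
    return "unrelated"


def flag_lookalikes(urls):
    return [u for u in urls if classify(u) == "lookalike"]


# Constructed sample input using reserved .example names, not real indicators.
SAMPLE = [
    "https://www.facebook.com/login.php",
    "http://inbox-facebook.example/",
    "http://facebook.com.account-check.example/login",
    "http://facebook.com@files.example/",
    "http://news.example/facebook-tips",
]

if __name__ == "__main__":
    for url in SAMPLE:
        print(f"{classify(url):10}  {url}")
```

Matching is done on the hostname only, so a page that mentions the brand in its path is not flagged; homoglyph or punycode names that avoid the literal word are outside what this check covers.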