Subject: FaceBook message: Smokin' and dancing girl (Last rated by Kenya Johnson)
From: "Facebook Adult" messageserver96@facebook.com
Messages from Your Friends on Facebook, March 11, 2009
You have 1 Personal Message:
Video title: "Amanda is dancing on Striptease Dance Party, March 10, 2009! We're
absolutely shocked!".
Proceed to view full video message:
http://[snip]/home.htm?/emberUIWeb/application=x067t0s2n96jnbz
Message ID: FB-5abv3t6lggavfbp
2009 Facebook community, Message Center.
This leads to a page on a botnet (with a tantalising picture) which prompts you to download Adobe_Player11.exe which is a nasty rootkit, rather than a media player.
VirusTotal reports a very low detection rate, ThreatExpert's prognosis is that this is something you REALLY don't want to have to clean up.. possibly a recover / reformat / reinstall job. Once installed, the trojan calls back to 58.65.232.17 which is Hostfresh in Hong Kong who are well known as suppliers of services to criminals.
0 comments:
Post a Comment