Wednesday, 11 March 2009

"FaceBook message: Smokin' and dancing girl"

Another day, another fake social networking trojan very closely related to this one.

Subject: FaceBook message: Smokin' and dancing girl (Last rated by Kenya Johnson)
From: "Facebook Adult" messageserver96@facebook.com

Messages from Your Friends on Facebook, March 11, 2009

You have 1 Personal Message:
Video title: "Amanda is dancing on Striptease Dance Party, March 10, 2009! We're
absolutely shocked!".

Proceed to view full video message:

http://[snip]/home.htm?/emberUIWeb/application=x067t0s2n96jnbz

Message ID: FB-5abv3t6lggavfbp
2009 Facebook community, Message Center.


This leads to a page on a botnet (with a tantalising picture) that prompts you to download Adobe_Player11.exe, which is a nasty rootkit rather than a media player.



VirusTotal reports a very low detection rate, and ThreatExpert's prognosis is that this is something you REALLY don't want to have to clean up: possibly a recover / reformat / reinstall job. Once installed, the trojan calls back to 58.65.232.17, which is Hostfresh in Hong Kong, who are well known as suppliers of services to criminals.
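One way to hunt for this campaign in web proxy logs, added here as an example and not part of the original post: it sorts each client by the furthest stage reached (clicked the lure, fetched the dropper, called back to 58.65.232.17). The six-field log format, the client addresses, the `lure.example.test` host and the numbered-variant filename pattern are assumptions; the sample lines are constructed.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Indicators taken from the post above.
CALLBACK_IP = "58.65.232.17"
LURE_PATH = re.compile(r"/home\.htm\?/emberUIWeb/application=\w+", re.I)
# Assumption: numbered variants may exist; the post only names Adobe_Player11.exe.
DROPPER = re.compile(r"/Adobe_Player\d*\.exe$", re.I)

# Constructed sample log. Assumed format: time client method url dest_ip status
SAMPLE_LOG = """\
2009-03-11T09:02:11 10.0.0.21 GET http://lure.example.test/home.htm?/emberUIWeb/application=x067t0s2n96jnbz 198.51.100.7 200
2009-03-11T09:02:40 10.0.0.21 GET http://lure.example.test/Adobe_Player11.exe 198.51.100.7 200
2009-03-11T09:05:02 10.0.0.21 POST http://58.65.232.17/ 58.65.232.17 200
2009-03-11T09:10:19 10.0.0.34 GET http://lure.example.test/home.htm?/emberUIWeb/application=k2m9 198.51.100.7 200
2009-03-11T09:12:00 10.0.0.50 GET http://www.adobe.com/downloads/ 192.0.2.80 200
"""

# Ordered from least to most severe.
STAGES = ("clicked_lure", "downloaded_dropper", "callback")

def classify(url, dest_ip):
    """Return the infection stage a single request indicates, or None."""
    parts = urlsplit(url)
    if dest_ip == CALLBACK_IP or parts.hostname == CALLBACK_IP:
        return "callback"
    if DROPPER.search(parts.path):
        return "downloaded_dropper"
    if LURE_PATH.search(parts.path + "?" + parts.query):
        return "clicked_lure"
    return None

def triage(log_text):
    """Map each client IP to the furthest stage seen, to prioritise response."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 6:
            continue  # skip malformed lines
        _, client, _, url, dest_ip, _ = fields
        stage = classify(url, dest_ip)
        if stage:
            seen[client].add(stage)
    return {c: max(s, key=STAGES.index) for c, s in seen.items()}

if __name__ == "__main__":
    for client, stage in sorted(triage(SAMPLE_LOG).items()):
        print(client, stage)
```

A client at the `callback` stage is the one the reformat / reinstall prognosis applies to; `clicked_lure` alone means the page was viewed but no download was logged.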
