- Jan 24, 2011
Security researchers from Web and email security provider Websense have spotted a new private message spam campaign on Facebook distributing the notorious Koobface worm.
The messages have a subject of "Check out the movies wsith yor ass in it" and advertise a link that leads to a bit.ly shortened URL through Facebook's open redirector.
Facebook's redirect script, through which all external links are normally passed, has been increasingly abused lately to bypass spam filters.
The spammed link takes users through a series of redirects that check whether they come from facebook.com. If they do, they land on the attack page; if not, on Google News Canada.
In traditional Koobface style, the landing page displays a fake video player with a message reading "This content requires Adobe Flash Player 10.37. Would you like to install it now?"
This "required Flash update" social engineering trick is one the Koobface authors pretty much pioneered and used on a large scale. It has since been picked up by many other cybercriminals.
Pressing the Install button to get the alleged update serves a Koobface variant currently detected by only 16 out of 43 antivirus engines on VirusTotal.
Koobface is the father of all social networking worms and dates back to 2007, which makes it one of the longest running computer worms in history.
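For mail and message filters, the redirector abuse described above means the visible host (facebook.com) says nothing about the real destination. The sketch below is an added example, not code from Websense or Facebook: it unwraps redirector links offline and classifies them by the nested host. It assumes the redirect script is `facebook.com/l.php` with the target in a `u` parameter; the sample URLs are constructed.

```python
from urllib.parse import urlsplit, parse_qs

# Assumption: redirector path and parameter name are not given in the article.
REDIRECTORS = {("facebook.com", "/l.php"): "u"}
SHORTENERS = {"bit.ly"}   # named in the article; extend for your environment
MAX_DEPTH = 5             # stop on deeply nested or looping wrappers

# Constructed sample links: single wrap, double wrap, ordinary on-site link.
SAMPLES = [
    "http://www.facebook.com/l.php?u=http%3A%2F%2Fbit.ly%2FEXAMPLE",
    "http://www.facebook.com/l.php?u=http%3A%2F%2Fwww.facebook.com"
    "%2Fl.php%3Fu%3Dhttp%253A%252F%252Fbit.ly%252Fx",
    "http://www.facebook.com/photo.php?id=1",
]

def host_of(url):
    """Lower-cased hostname without a leading 'www.'."""
    host = (urlsplit(url).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host

def unwrap(url, depth=0):
    """Return the innermost URL carried inside known redirector links."""
    parts = urlsplit(url)
    param = REDIRECTORS.get((host_of(url), parts.path))
    if param is None or depth >= MAX_DEPTH:
        return url
    targets = parse_qs(parts.query).get(param)  # parse_qs percent-decodes
    if not targets:
        return url
    return unwrap(targets[0], depth + 1)

def classify(url):
    """Label a link by what a filter should score: the unwrapped host."""
    final = unwrap(url)
    host = host_of(final)
    wrapped = final != url
    if wrapped and host in SHORTENERS:
        return ("redirector->shortener", host)
    if wrapped:
        return ("redirector", host)
    if host in SHORTENERS:
        return ("shortener", host)
    return ("direct", host)

if __name__ == "__main__":
    for link in SAMPLES:
        print(classify(link), link)
```

A link labelled `redirector->shortener` still hides its final target behind the shortener, so it should be scored on that chain rather than on the trusted outer host.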