October 19, 2012, by Dancho Danchev

Malware campaign spreading via Facebook direct messages spotted in the wild

Trust is vital, and cybercriminals know that there is a higher probability that you will click on a link sent by a trusted friend than on one sent by a complete stranger.

Yesterday, one of my Facebook friends sent me a direct message indicating that his host had been compromised and was being used to send links to a malicious .zip archive through direct messages to all of his Facebook friends.

More details:

Sample screenshot of the spamvertised direct download link:

Sample compromised URLs used in the direct messages:
hxxp://thegrottospa.com/6XX6l91m24m4x01B8
hxxp://vebest.com/NNbccq491rr4II002
hxxp://goplayersedge.com/429XbppG7702D8HV6

All of these redirect to hxxp://74.208.231.61:81/l.php (tomascloud.com, AS8560), where the user is served a direct download link for Picture15.JPG.zip. Two details stand out for anyone hunting this in proxy logs: the final hop is a bare IP address on the non-standard port 81 rather than a named host, and the .JPG.zip double extension is meant to make the archive pass for a picture.

Detection rate: MD5 dfe23ad3d50c1cf45ff222842c7551ae, detected by 20 out of 43 antivirus scanners as Trojan.Win32.Bublik.iez and Worm:Win32/Slenfbot. The Slenfbot name is consistent with what was observed here: that worm family spreads by messaging a victim's contacts, which is exactly how the compromised account reached its friends.
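As an added example (not code from the original post or from Webroot), the script below applies the two infrastructure tells described above to constructed proxy log lines: a redirect that lands on a bare-IP host on a non-standard port, and a download whose file name uses an image extension to disguise an archive or executable. The log format, client addresses and timestamps are constructed for the example; the URLs are the post's own indicators, kept defanged (hxxp) and refanged only for parsing. The download host is assumed to be the same server that served l.php, which the post does not state.

```python
"""Added example, not code from the original post or from Webroot.

Flags two indicators of the campaign in constructed proxy log lines:
  1. an HTTP redirect whose target is a bare IP address on a port other
     than the scheme's default (here 74.208.231.61:81);
  2. a download whose name carries a double extension such as
     Picture15.JPG.zip (image extension hiding an archive/executable one).
Log format, clients and timestamps are constructed; URLs come from the post.
"""
import re
from ipaddress import ip_address
from urllib.parse import urlparse

IMAGE_EXTS = {"jpg", "jpeg", "png", "gif", "bmp"}
CONTAINER_OR_EXEC_EXTS = {"zip", "rar", "exe", "scr", "com", "pif", "js", "vbs"}
REDIRECT_STATUSES = {"301", "302", "303", "307", "308"}

# Constructed format: <timestamp> <client> <status> <url> [-> <redirect target>]
LOG_RE = re.compile(r"(\S+) (\S+) (\d{3}) (\S+)(?: -> (\S+))?")

# Constructed log lines. Lines 1 and 2 use hosts and paths from the post; the
# download host is an assumption (same server that served l.php).
LOG_LINES = [
    "2012-10-18T14:02:11Z 10.0.0.7 302 hxxp://thegrottospa.com/6XX6l91m24m4x01B8 -> hxxp://74.208.231.61:81/l.php",
    "2012-10-18T14:02:12Z 10.0.0.7 200 hxxp://74.208.231.61:81/Picture15.JPG.zip",
    "2012-10-18T14:05:40Z 10.0.0.9 200 hxxp://example.com/holiday.jpg",
    "2012-10-18T14:06:02Z 10.0.0.9 301 hxxp://example.com/old -> hxxps://example.com/new",
]


def refang(url):
    """Turn a defanged indicator (hxxp/hxxps) back into a parseable URL."""
    return url.replace("hxxp", "http", 1)


def is_bare_ip_host(url):
    """True when the host part is a literal IP address rather than a name."""
    host = urlparse(refang(url)).hostname or ""
    try:
        ip_address(host)
        return True
    except ValueError:
        return False


def nonstandard_port(url):
    """True when the URL names a port other than the scheme's default."""
    parsed = urlparse(refang(url))
    if parsed.port is None:
        return False
    return parsed.port != (443 if parsed.scheme == "https" else 80)


def double_extension(filename):
    """True for names like Picture15.JPG.zip: an image extension followed by
    an archive or executable extension."""
    parts = filename.lower().rsplit(".", 2)
    return len(parts) == 3 and parts[1] in IMAGE_EXTS and parts[2] in CONTAINER_OR_EXEC_EXTS


def analyze_line(line):
    """Return the findings for one log line (empty list when nothing is suspicious)."""
    m = LOG_RE.fullmatch(line.strip())
    if not m:
        return []
    _ts, _client, status, url, target = m.groups()
    findings = []
    if status in REDIRECT_STATUSES and target and is_bare_ip_host(target) and nonstandard_port(target):
        findings.append("redirect to bare-IP host on non-standard port: " + target)
    filename = urlparse(refang(url)).path.rsplit("/", 1)[-1]
    if double_extension(filename):
        findings.append("double-extension download: " + filename)
    return findings


def scan_log(lines):
    """Map 1-based line numbers to their findings, skipping clean lines."""
    results = {}
    for number, line in enumerate(lines, 1):
        findings = analyze_line(line)
        if findings:
            results[number] = findings
    return results


if __name__ == "__main__":
    for number, findings in scan_log(LOG_LINES).items():
        for finding in findings:
            print(f"line {number}: {finding}")
```

Both heuristics will produce false positives on their own (internal services on odd ports, legitimate redirects to IP-addressed hosts), so they are triage signals to correlate with the redirect chain and the hash above rather than blocking rules. Names such as archive.tar.gz are deliberately not flagged: the check only fires when the inner extension is an image type, which is the lure this campaign relies on.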

Webroot SecureAnywhere users are proactively protected from these threats.

You can find more about Dancho Danchev at his LinkedIn Profile. You can also follow him on Twitter.


4 Responses to Malware campaign spreading via Facebook direct messages spotted in the wild

  1. Pingback: Malware spreads via Facebook private messages | SFIX – Advanced Security Services & ICT Solutions

  2. Pingback: Anonymous

  3. Pingback: Malware spreads via Facebook private messages

  4. Pingback: Bogus Facebook ‘pending notifications’ themed emails serve client-side exploits and malware « Webroot Threat Blog – Internet Security Threat Updates from Around the World
