Malware campaign spreading via Facebook direct messages spotted in the wild


Trust is vital, and cybercriminals know that there’s a higher probability that you will click on a link sent by a trusted friend, not from a complete stranger.

Yesterday, one of my Facebook friends sent me a direct message saying that his host had been compromised and was being used to send links to a malicious .zip archive, via direct messages, to all of his Facebook friends.

More details:

Sample screenshot of the spamvertised direct download link:

Sample compromised URLs used in the direct messages:
hxxp://thegrottospa.com/6XX6l91m24m4x01B8
hxxp://vebest.com/NNbccq491rr4II002
hxxp://goplayersedge.com/429XbppG7702D8HV6

All of these redirect to hxxp://74.208.231.61:81/l.php (tomascloud.com, AS8560), where the user is served a direct download link for Picture15.JPG.zip, an archive whose name is dressed up to look like an image.
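The redirect chain above (a compromised site bouncing the victim to a bare IP on a non-standard port, which then serves an archive with a double extension) is easy to spot in proxy logs. The following added example is not code from the original post; it runs a few constructed log lines through two simple checks and flags the campaign's redirect target and payload. The log format (timestamp, client, method, URL, status, Location header or "-") is an assumption.

```python
import ipaddress
import re
from urllib.parse import urlparse

# Constructed proxy log lines (not from the original post). Fields:
# timestamp, client, method, requested URL, HTTP status, Location header ("-" if none).
SAMPLE_LOG = """\
2013-02-07T10:01:02 10.0.0.5 GET http://thegrottospa.com/6XX6l91m24m4x01B8 302 http://74.208.231.61:81/l.php
2013-02-07T10:01:03 10.0.0.5 GET http://74.208.231.61:81/l.php 200 -
2013-02-07T10:01:05 10.0.0.5 GET http://74.208.231.61:81/Picture15.JPG.zip 200 -
2013-02-07T10:02:11 10.0.0.9 GET http://www.example.org/news 301 https://www.example.org/news
2013-02-07T10:03:40 10.0.0.9 GET https://www.example.org/files/report.pdf 200 -
"""

# An archive whose file name pretends to be an image, e.g. Picture15.JPG.zip
DOUBLE_EXT = re.compile(r"\.(jpe?g|png|gif|bmp)\.(zip|rar|7z)$", re.IGNORECASE)


def is_bare_ip_host(host):
    """True when the host part of a URL is a literal IP address rather than a name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def suspicious_url(url):
    """Return the reasons a URL resembles this campaign's redirect target or payload."""
    reasons = []
    parsed = urlparse(url)
    if is_bare_ip_host(parsed.hostname or ""):
        reasons.append("bare-ip host")
        if parsed.port not in (None, 80, 443):
            reasons.append(f"non-standard port {parsed.port}")
    filename = parsed.path.rsplit("/", 1)[-1]
    if DOUBLE_EXT.search(filename):
        reasons.append(f"double extension {filename}")
    return reasons


def scan_log(text):
    """Return (client, url, reasons) for every requested URL or redirect target that matches."""
    hits = []
    for line in text.splitlines():
        _ts, client, _method, url, _status, location = line.split()
        for candidate in (url, location):
            if candidate != "-" and suspicious_url(candidate):
                hits.append((client, candidate, suspicious_url(candidate)))
    return hits
```

Running `scan_log(SAMPLE_LOG)` flags the three requests touching 74.208.231.61:81 and leaves the ordinary example.org traffic alone.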

Detection rate: MD5 dfe23ad3d50c1cf45ff222842c7551ae is detected by 20 out of 43 antivirus scanners, under names including Trojan.Win32.Bublik.iez and Worm:Win32/Slenfbot.

Webroot SecureAnywhere users are proactively protected from these threats.

You can find more about Dancho Danchev at his LinkedIn Profile. You can also follow him on Twitter.


