The Latest in IT Security

Facebook Finally Blocks Malware Attack

02
Jun
2011

With more than 24 hours having passed since it began, Facebook has finally blocked a malware attack that linked to Windows and Mac malware.

The attack site pushed MacGuard scareware at Mac users, and host modifying fake “Adobe Flash Players” at Windows users.

Contrary to our earlier post, rather than using the “Like” feature, we now think the malware was spreading by posting directly to Facebook accounts. The posted link used the Like feature’s icon rather than icons used by Links or Videos.

Here’s what Facebook search revealed a couple of hours ago:

Rihanna and Hayden Panettiere

And this is an example from a user’s Wall:

newtubes.in)

The “LOL, just found new tube site” link didn’t reference any .php as the others.

Here you can see the same site, newtubes.in, was used on Sunday:

Boobs Too Big

The subject was “Boobs Too Big For Seatbelt”.

The bad guys attempted, and failed, to launch their attack during the Memorial Day holiday weekend, with big boobs.

As mentioned earlier today, the attack site was Geo-IP and OS aware, and focused only on USA/UK IP addresses. All others were safely redirect to youtube.com. It also employed anti-analysis evasion techniques, such as blocking IP address that visited too frequently. This was a highly professional attack using well developed techniques.

We hope that it cannot be repeated soon.

Leave a reply


Categories

FRIDAY, MARCH 29, 2024
WHITE PAPERS

Mission-Critical Broadband – Why Governments Should Partner with Commercial Operators:
Many governments embrace mobile network operator (MNO) networks as ...

ARA at Scale: How to Choose a Solution That Grows With Your Needs:
Application release automation (ARA) tools enable best practices in...

The Multi-Model Database:
Part of the “new normal” where data and cloud applications are ...

Featured

Archives

Latest Comments