|23 May 2010||#1|
| || |
Fake joke worm wriggles through Facebook
Shifty sorts have created a new worm which spread rapidly on Facebook on Friday.
The malware, for now at least, does nothing more malicious than posting a message on an infected user's Facebook wall that point to a site called fbhole.com. Nonetheless, the speed of its spread on the social networking site has net security experts worried.
The message that the worm posts takes the form :
try not to laugh xD http://www.fbhole. com/omg/allow.php?s=a&r=[random number]
Net security firm F-Secure reports that following the link takes a surfer to a fake error message. Clicking anywhere on this page fires up a script that posts the same message on a user's Facebook wall, continuing the spread of the malware.
As a search via youropenbook.org illustrates, the worm spread like wildfire on Friday afternoon.
The fbhole.com domain associated with the attack was only registered on Thursday. It points to an IP address in Czech Republic, shared by another Czech site called ironbrain.net.
Fake joke worm wriggles through Facebook ? The Register
|My System Specs|
|23 May 2010||#2|
| || |
Sometimes it's easy. Accordind to F-Secure's head researcher Mika Hyppönen, this worm was stopped with one phone call:
Quote: Originally Posted by F-Secure: News from the lab
Domain fbhole.com shared an IP address with ironbrain.net [184.108.40.206]. Ironbrain.net hosted a website with references to Facebook but no obvious illegal content. While fbhole.com was registered with privacy protection, ironbrain.net had contact information in the WHOIS database, complete with a Czech phone number.
So I called the number.
The call went roughly like this:
– Hi. This is Mikko Hypponen from F-Secure Labs.
– What is this about?
– I'm looking for a person related to ironbrain.net.
– We're investigating a Facebook worm on fbhole.com. That domain shares an IP address with ironbrain.net which is registered under your name.
– And you are?
– I'm from an antivirus company. Are you related to ironbrain.net?
– I'll have to check… maybe my company is…
– Please do.
About 15 seconds later, both fbhole.com and ironbrain.net went offline. The attack is over.
|My System Specs|
|Similar help and support threads for2: Fake joke worm wriggles through Facebook|
|Info-stealing Dorkbot worm spreading on Facebook||Security News|
|AV-killing worm spreads via Facebook chat and IM clients||Security News|
|New Facebook worm spreading||Security News|
|Fake Microsoft Office tool hides worm||Security News|
|Twitter worm hits goo.gl, redirects to fake anti-virus||Security News|
|Worm Planted in Fake Microsoft Security Update||Security News|
|New Worm Propagates via Fake Emails Allegedly Sent by Large Websites||Security News|