Fake joke worm wriggles through Facebook - Windows 7 Help Forums
Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.

Windows 7: Fake joke worm wriggles through Facebook

23 May 2010   #1

Win 7 Ultimate 64-bit. SP1.
Fake joke worm wriggles through Facebook

Shifty sorts have created a new worm which spread rapidly on Facebook on Friday.

The malware, for now at least, does nothing more malicious than posting a message on an infected user's Facebook wall that point to a site called fbhole.com. Nonetheless, the speed of its spread on the social networking site has net security experts worried.

The message that the worm posts takes the form

try not to laugh xD http://www.fbhole. com/omg/allow.php?s=a&r=[random number]

Net security firm F-Secure reports that following the link takes a surfer to a fake error message. Clicking anywhere on this page fires up a script that posts the same message on a user's Facebook wall, continuing the spread of the malware.

As a search via youropenbook.org illustrates, the worm spread like wildfire on Friday afternoon.

The fbhole.com domain associated with the attack was only registered on Thursday. It points to an IP address in Czech Republic, shared by another Czech site called ironbrain.net.
Source -
Fake joke worm wriggles through Facebook ? The Register

My System SpecsSystem Spec
23 May 2010   #2

Microsoft Community Contributor Award Recipient

Windows 8.1 Pro with Media Center

Sometimes it's easy. Accordind to F-Secure's head researcher Mika Hyppönen, this worm was stopped with one phone call:
Quote   Quote: Originally Posted by F-Secure: News from the lab
Domain fbhole.com shared an IP address with ironbrain.net []. Ironbrain.net hosted a website with references to Facebook but no obvious illegal content. While fbhole.com was registered with privacy protection, ironbrain.net had contact information in the WHOIS database, complete with a Czech phone number.

So I called the number.

The call went roughly like this:

– Hello?
– Hi. This is Mikko Hypponen from F-Secure Labs.
– What is this about?
– I'm looking for a person related to ironbrain.net.
– ???
– We're investigating a Facebook worm on fbhole.com. That domain shares an IP address with ironbrain.net which is registered under your name.
– And you are?
– I'm from an antivirus company. Are you related to ironbrain.net?
– I'll have to check… maybe my company is…
– Please do.
– Bye…

About 15 seconds later, both fbhole.com and ironbrain.net went offline. The attack is over.
Full story: Warning on Facebook worm "FBHOLE" - F-Secure Weblog : News from the Lab
My System SpecsSystem Spec

 Fake joke worm wriggles through Facebook

Thread Tools

Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd

All times are GMT -5. The time now is 05:57.
Twitter Facebook Google+

Windows 7 Forums

Seven Forums Android App Seven Forums IOS App