Friday, November 21


I received 2 emails telling me to be more aware of the virus spreading thur Facebook, and just to share with all the readers of my blog~

Pls be more alert even on any other links were sent to u, or when u are looking through websites.

The email reveals that infected user accounts are being used to post messages to Facebook friends lists. The content was an enticing message with a link that used a Facebook open redirector. When recipients click the link, they are automatically redirected multiple times, finally reaching a site masquerading as YouTube that serves a malicious Trojan downloader.

1. The Facebook link directs to a malicious account hosted at

2. The malicious Geocities account includes an obfuscated JavaScript link to http://lost[REMOVED]/js/js.js, which goes to http://off3[REMOVED]/go/fb.php

3. The .php file next redirects to either http://youtube-spyvi[REMOVED]/?schk=&keat= or http://youtube-x[REMOVED]/?ch=&ea=. These sites serve the malicious "flash_update.exe" (SHA1: 62689f89f1c5f6df10f4c7096772468d4c8e458a) file.

No comments:

Post a Comment

Banana peeling ...


Custom Search

Trees I've Swung