[AusNOG] Trojan spam run with Facebook hook (AUSCERT#2009abf45)
matthew at auscert.org.au
matthew at auscert.org.au
Thu Apr 2 12:33:14 EST 2009
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
G'day all,
We are seeing a decent trojan spam out using Facebook as the hook. The
emails all differ slightly but possess the same characteristics. Eg:
From: "Facebook presentment" <support60 at facebook.com>
Subject: Facebook announcement: Great looking girl having fun (Last rated
by Bradford Collins)
Messages from Your Friends on Facebook, April 01, 2009
You have 1 friend requests - Personal Message:
Watch the video titled "Drunk Charlize is dancing striptease on my
Birthday Party, March 28, 2009! We're absolutely shocked!".
Proceed to view full message:
hxxp://facebook.shared.id-etsmrnhy5e.subject.876panel. com/home.htm?/identification/authentication=0616n9m12
Added 16 minutes ago. Message ID: FB-06nnzbrxizjrzvr
2009 Facebook community, Message Center.
Multiple domains are being used all following a naming scheme of
[3-5 digit number]panel.com
Eg:
2349panel. com
43553panel. com
654panel. com
876panel. com
987panel. com
Is anyone else seeing a decent run of this?
Just trying to work out how widespread it is as we are preparing to do an
alert on it.
Apologies if you see this across a few lists - looking for any feedback
on numbers on this (and it is all appreciated).
Best regards,
- -- Matthew McGlashan --
Coordination Centre Team Leader | Hotline: +61 7 3365 4417
Australian Computer Emergency Response Team | Direct: +61 7 3365 7924
(AusCERT) | Fax: +61 7 3365 7031
The University of Queensland | WWW: www.auscert.org.au
Qld 4072 Australia | Email: auscert at auscert.org.au
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (FreeBSD)
Comment: http://www.auscert.org.au/render.html?it=1967
Comment: http://www.auscert.org.au/render.html?it=1967
iD8DBQFJ1BXZNVH5XJJInbgRAvMqAJ0cqNWqI3riSyf5Tq9lGzxO9C6xegCcCpl0
KzfS5kwPQpBMNU4TfhQuqDo=
=zKz3
-----END PGP SIGNATURE-----
More information about the AusNOG
mailing list