[AusNOG] Trojan spam run with Facebook hook (AUSCERT#2009abf45)

Daniel Hooper dhooper at gold.net.au
Thu Apr 2 13:34:21 EST 2009


Hi,



Just checked the anti-spam boxes and we are seeing a high volume of it hitting us, approx 2k messages in the last 4 hours.



Regards,



Dan





Shop 1, 97 Forrest Street, Kalgoorlie WA 6430
08 90805111 - 0427 757 336
dhooper at gold.net.au








-----Original Message-----
From: ausnog-bounces at lists.ausnog.net [mailto:ausnog-bounces at lists.ausnog.net] On Behalf Of matthew at auscert.org.au
Sent: Thursday, 2 April 2009 9:33 AM
To: ausnog at ausnog.net
Subject: [AusNOG] Trojan spam run with Facebook hook (AUSCERT#2009abf45)



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

G'day all,

We are seeing a decent trojan spam out using Facebook as the hook.  The
emails all differ slightly but possess the same characteristics.  Eg:

  From: "Facebook presentment" <support60 at facebook.com>
  Subject: Facebook announcement: Great looking girl having fun (Last rated
  by Bradford Collins)

  Messages from Your Friends on Facebook, April 01, 2009

  You have 1 friend requests - Personal Message:
  Watch the video titled "Drunk Charlize is dancing striptease on my
  Birthday Party, March 28, 2009! We're absolutely shocked!".

  Proceed to view full message:

  hxxp://facebook.shared.id-etsmrnhy5e.subject.876panel. com/home.htm?/identification/authentication=0616n9m12

  Added 16 minutes ago.  Message ID: FB-06nnzbrxizjrzvr
  2009 Facebook community, Message Center.

Multiple domains are being used all following a naming scheme of

  [3-5 digit number]panel.com

Eg:

       2349panel. com
       43553panel. com
       654panel. com
       876panel. com
       987panel. com

Is anyone else seeing a decent run of this?

Just trying to work out how widespread it is as we are preparing to do an
alert on it.

Apologies if you see this across a few lists - looking for any feedback
on numbers on this (and it is all appreciated).

Best regards,

- -- Matthew McGlashan --
Coordination Centre Team Leader             | Hotline: +61 7 3365 4417
Australian Computer Emergency Response Team | Direct:  +61 7 3365 7924
(AusCERT)                                   | Fax:     +61 7 3365 7031
The University of Queensland                | WWW:     www.auscert.org.au
Qld 4072 Australia                          | Email: auscert at auscert.org.au



-----BEGIN PGP SIGNATURE-----

Version: GnuPG v1.4.6 (FreeBSD)

Comment: http://www.auscert.org.au/render.html?it=1967



iD8DBQFJ1BXZNVH5XJJInbgRAvMqAJ0cqNWqI3riSyf5Tq9lGzxO9C6xegCcCpl0

KzfS5kwPQpBMNU4TfhQuqDo=

=zKz3

-----END PGP SIGNATURE-----
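
The naming scheme reported in the advisory above, "[3-5 digit number]panel.com", can be checked against URLs found in message bodies. The Python below is an added example, not part of either message or of AusCERT's tooling; the function names, the brand-in-subdomain heuristic and the third sample URL are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Naming scheme from the advisory: [3-5 digit number]panel.com
CAMPAIGN_RE = re.compile(r"^\d{3,5}panel\.com$")
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.I)
BRAND = "facebook"  # brand used as the hook in this run


def refang(text):
    """Undo the defanging used in the advisory (hxxp, '. com') so URLs parse."""
    text = re.sub(r"\bhxxp(s?)://", r"http\1://", text, flags=re.I)
    return re.sub(r"\.\s+com\b", ".com", text)


def registered_domain(host):
    """Last two labels; adequate for .com, not a public-suffix lookup."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def classify(body):
    """One finding per URL: (registered domain, matches scheme, brand lure)."""
    findings = []
    for url in URL_RE.findall(refang(body)):
        host = (urlsplit(url).hostname or "").rstrip(".")
        domain = registered_domain(host)
        labels = host.split(".")
        # Brand name in a left-hand label while the registered domain is not
        # the brand's own: catches variants that fall outside the digit scheme.
        lure = BRAND in labels[:-2] and domain != BRAND + ".com"
        findings.append((domain, bool(CAMPAIGN_RE.match(domain)), lure))
    return findings


# Constructed sample bodies; the first URL is the defanged one quoted in the
# advisory, the third is a made-up variant with a 6-digit prefix.
SAMPLES = [
    "Proceed to view full message:\n"
    "hxxp://facebook.shared.id-etsmrnhy5e.subject.876panel. com/home.htm"
    "?/identification/authentication=0616n9m12",
    "See http://www.facebook.com/home.php for your messages",
    "Login at http://facebook.example.123456panel.com/ now",
]

if __name__ == "__main__":
    for body in SAMPLES:
        for finding in classify(body):
            print(finding)
```

The third sample shows why the brand check is worth keeping beside the regex: a prefix outside 3-5 digits misses the scheme match but is still flagged as a lure.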


