funsec mailing list archives
Re: facebook messages worm
From: Gadi Evron <ge () linuxbox org>
Date: Wed, 6 Aug 2008 20:45:30 -0500 (CDT)
I am constantly updating on this on my twitter account to avoid list clutter: http://twitter.com/gadievron You can watch the infection live on a web counter from the hosting provider that the worm points to. This thing is fast-spreading. Gadi. On Wed, 6 Aug 2008, Gadi Evron wrote:
Hi all. There's a facebook (possibly worm) something malicious sending fake messages from real users (friends). The sample also has a remote drop site (verified by someone who shall remain nameless). This is possibly zlob, not verified. Thanks Nick Bilogorskiy for his help. Infection sites seen so far are on .pl domains. The AV industry will soon add detection. Facebook's security folks are very capable, so I am not worried on that front. It's not that we didn't expect this for a long time now, but... Be careful. Some users know to be careful in email.. but not on facebook. Note: unlike 2003 when we called everything a worm and the 90s when everything was a virus--this is a bot which also spreads/infects on facebook. Gadi. -- "You don't need your firewalls! Gadi is Israel's firewall." -- Itzik (Isaac) Cohen, "Computers czar", Senior Deputy to the Accountant General, Israel's Ministry of Finance, at the government's CIO conference, 2005. (after two very funny self-deprication quotes, time to even things up!) My profile and resume: http://www.linkedin.com/in/gadievron _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
_______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- facebook messages worm Gadi Evron (Aug 06)
- Re: facebook messages worm Gadi Evron (Aug 06)
- Re: facebook messages worm John C. A. Bambenek, GCIH, CISSP (Aug 06)
- Re: facebook messages worm Gadi Evron (Aug 06)
- Re: facebook messages worm Gadi Evron (Aug 06)
- <Possible follow-ups>
- Re: facebook messages worm Juha-Matti Laurio (Aug 08)
- Re: facebook messages worm Juha-Matti Laurio (Aug 09)
- Re: facebook messages worm Gadi Evron (Aug 09)
- Re: facebook messages worm Juha-Matti Laurio (Aug 10)
- Re: facebook messages worm Gadi Evron (Aug 10)