Re: facebook messages worm

[Gadi Evron <ge () linuxbox org>]

On Sun, 10 Aug 2008, Juha-Matti Laurio wrote:
> Gadi Evron [ge () linuxbox org] kirjoitti: 
> > On Sun, 10 Aug 2008, Juha-Matti Laurio wrote:
> > > It appears that these stats from www.d9.pl are not accessible on Sat 9th 
> > Aug:
> > > "Bandwidth Limit Exceeded
> > > The server is temporarily unable to service your request due to the site 
> > > owner reaching his/her bandwidth limit. Please try again later."
> >
> > I have no idea, I was thinking either some new spreading happened, maybe on 
> > myspace, they were attacked, or their uplink was sick of them.
> >
> > Up to when statistics worked, it wasn't that bad. Less than a million 
> > infected.
>
> Yes, that's possible. And the top activity period can be different in 
> Facebook and MySpace.
>
> > > But when checking the site on Friday youtube.xx.pl was not listed any 
> > more, > what is the situation now?
> >
> > There were several other domains, as well.
>
> The good news are, as mentioned at linked Facebook Blog post, that FB 
> security team has  prevented linking to these sites. We hope that they 
> blocked all of these sites.

First problem was messages already in users' facebook inboxes.
Second problem is carbon-copy of said messaged in users' email inboxes

> Juha-Matti
>
> > > Juha-Matti
> > >
> > > Gadi Evron [ge () linuxbox org] kirjoitti: >> I am constantly updating on 
> > this on my twitter account to avoid list >> clutter: 
> > http://twitter.com/gadievron
> > > > > > You can watch the infection live on a web counter from the hosting 
> > provider >> that the worm points to. This thing is fast-spreading.
> > > > > >        Gadi.
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.