Facebook and Freddy.exe?
Today I received a friendly little email purportedly from someone that had a question about my business, and who also wanted me to add them to my friends list from the supplied link in the email. The email address that the sender used immediately raised a red warning flag because I currently use this particular email address specifically to monitor iffy stuff on the Internet.

Analysis at ThreatExpert exposed some pretty serious threats:
There were five .js links on the Facebook landing page <REMOVED>
Canonical name: gateway02.websitewelcome.com (all IPs consistent with those of a mail server).
That is about all I know for today! If any security expert needs more info – just ask!
Update: 10-22-2009 7:05 PM
Trojan.DNSblocker, Net-Worm.Win32.Koobface.cfm, Trojan.Win32.Scar.affc
Until Next time — one-off, security terrier here, and I never let go of a bad guy (wink)
2 Comments
[...] This post was mentioned on Twitter by Bev , Mourad Ben Lakhoua. Mourad Ben Lakhoua said: RT @teksquisite: New Tekblog Post: Facebook and Freddy.exe? http://bit.ly/1nSuGY #malware #security #socialnetworking [...]
Picked up the same type of thing from 72.181.192.132. The email was from a friend on Facebook saying I was in some video of theirs. My processes (under Task Management) showed Freddy*.exe running. So far, McAfee Security is killing trojans that pop up, but I had to manually end that process and am in the process of scanning.