Loading...

Want to be your friend on Facebook? A Fake Facebook Request

Malicious spam messages generated by the infamous Cutwail botnet are targeting Facebook users as potential banking Trojan victims. The mes...

Malicious spam messages generated by the infamous Cutwail botnet are targeting Facebook users as potential banking Trojan victims.

The messages arrive in the guise of a Facebook friend invite notification. The emails look genuine enough on casual inspection, thanks to the malware-spinners' apparent use of a genuine Facebook template. But where a genuine Facebook invite contains links to the real social networking site, the malicious emails feature custom links to malware sites. In addition, the emails differ from the genuine article because they do not feature Facebook profile photos. The recipient's email address is also absent from the fine print at the bottom of the bogus invites.


facebook-spam

Users tricked into clicking on the malicious link are exposed to a double-barrelled malware based attack. Firstly they are offered a bogus Adobe Flash update. In addition, clicking on the link opens a hidden iFrame, which then loads data from a remote server hosting the Blackhole Exploit Kit. The exploit kit attempts to exploit browser security holes, most notably involving insecure Java installations.

Both techniques attempt to download a variant of the infamous ZeuS banking Trojan onto compromised systems. Impersonating email notifications from Facebook is a common enough technique among spammers and purveyors of survey scams, but I've never seen it applied to punt banking Trojans before.
Reactions: 

Post a Comment

  1. I have used Cyberhacklove@gmail.com quite a number of times and they have never disappointed me.They helped me monitor my Spouse phone when I was gathering evidence during the divorce. I got virtually every information my Spouse has been hiding over the months easily on my own phone: the spy app diverted all his whatsapp, facebook, text messages, sent and received through the phone: I also got his phone calls and deleted messages. he could not believe his eyes when he saw the evidence because he had no idea he was hacked. they do all types of mobile hacks and computer hacks,you get
    unrestricted and unnoticeable access to your partner/spouse/anybody's social account, email,E.T.C Getting the job done is as simple as sending an email to cyberhacklove@gmail.com or TEXT +16066579237 stating what you want to do?

    ReplyDelete

  2. I have used cyberhackinglord quite a number of times and he has never disappointed me..He does all types of mobile hack;get unrestricted and unnoticeable access to your partner/spouse/anybodies Facebook account,email,text messages.He also makes changes in any database/website such as your college/university grades..Getting the job done is as easy as sending an email to cyberhackinglord@gmail.com or text +13047160075 stating what you want to do.

    ReplyDelete

emo-but-icon

Home item

Follow by Email

Recommend on Google

Advertisements

Advertisements

Popular Posts

Random Posts

Recent Posts

ADS

eXTReMe Tracker