McAfee Research Blog

FBI vs. Facebook - Makes Any Sense?

July 28th, 2008

Of course not. It’s another new Storm campaign on the loose, with a minor change in the social-engineering trick. Mail with subjects like “FBI wants instant access to Facebook” is hitting users’ inboxes at the moment. If a user follows the trick, he will be presented with the following web site:

As usual, the fake web site is hosted on an infected Storm web proxy. The text states that “Your download will start shortly. If you are unable to read the article, save it in and run on your computer”. If you follow the lure and click the link, you end up with an executable named “fbi_facebook.exe”. This is the malware - don’t run it. Again, the malware authors don’t rely on social engineering alone: the web site also fires a set of browser exploits leveraging known vulnerabilities. A closer look at the source code reveals an invisible IFRAME pointing to ‘ind.php’.
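One way a defender can flag the hidden-IFRAME indicator described above, as an added example that is not part of the original post: a small Python scanner that parses page source and reports IFRAMEs sized to zero or hidden via CSS. The sample HTML is constructed; the ‘ind.php’ name comes from the post, the host is a placeholder.

```python
from html.parser import HTMLParser
import re

# Constructed sample page source resembling the lure described in the post:
# visible download text plus an invisible IFRAME loading 'ind.php'.
# The host 'example.invalid' is a placeholder, not the real Storm proxy.
SAMPLE_HTML = """
<html><body>
<p>Your download will start shortly. If you are unable to read the article,
save it in and run on your computer. <a href="fbi_facebook.exe">Download</a></p>
<iframe src="http://example.invalid/ind.php" width="0" height="0"
        style="visibility:hidden" frameborder="0"></iframe>
<iframe src="http://example.invalid/video.html" width="640" height="480"></iframe>
</body></html>
"""

_HIDDEN_STYLE = re.compile(r"(display\s*:\s*none|visibility\s*:\s*hidden)", re.I)

def _is_tiny(value):
    """True when a width/height attribute parses to 1 px or less."""
    if value is None:
        return False
    m = re.match(r"\s*(\d+)", value)
    return m is not None and int(m.group(1)) <= 1

class HiddenIframeFinder(HTMLParser):
    """Collects IFRAME tags that are sized to be invisible or styled hidden."""
    def __init__(self):
        super().__init__()
        self.hits = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() != "iframe":
            return
        a = {k.lower(): (v or "") for k, v in attrs}
        reasons = []
        if _is_tiny(a.get("width")) or _is_tiny(a.get("height")):
            reasons.append("zero/1px size")
        if _HIDDEN_STYLE.search(a.get("style", "")):
            reasons.append("hidden via CSS")
        if reasons:
            self.hits.append({"src": a.get("src", ""), "reasons": reasons})

def find_hidden_iframes(html):
    """Return a list of hidden IFRAMEs (src plus why they were flagged)."""
    parser = HiddenIframeFinder()
    parser.feed(html)
    return parser.hits

if __name__ == "__main__":
    for hit in find_hidden_iframes(SAMPLE_HTML):
        print(hit["src"], "->", ", ".join(hit["reasons"]))
```

Running it against the sample reports only the zero-sized, CSS-hidden frame pointing at ind.php; the visibly sized video frame is not flagged.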

The Secure Anti-Malware Engine detects the threat as ‘Worm.Zhelatin.zk’, the exploit script as ‘Script.Zhelatin.zb’ and the payload as ‘Worm.Zhelatin.ZL’. Finally, the whole fake web site with the invisible IFRAME is blocked as ‘Script.Zhelatin.ZL’ as well.


Author: Anti-Malware Team
