[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] No subject

To: az-guy@xxxxxxxxxxxx
Subject: Re: [Full-disclosure] No subject
From: "James Matthews" <nytrokiss@xxxxxxxxx>
Date: Thu, 7 Aug 2008 17:20:38 -0700

It;s the new facebook friend adder

On Wed, Aug 6, 2008 at 3:11 PM, <az-guy@xxxxxxxxxxxx> wrote:

> Not just Rouge apps, it's much more widespread: other colors such
> as magenta, mauve, fuschia, and even the extremes of pink and
> purple can also be impacted.
>
> On Wed, Aug 6, 2008 at 2:56 PM, John C. A. Bambenek, GCIH, CISSP
> <bambenek.infosec@xxxxxxxxx> wrote:
>
>    What's the infection vector?  URL Link?  Rouge Facebook app?
>
>    On Wed, Aug 6, 2008 at 4:44 PM, Gadi Evron <ge@xxxxxxxxxxxx>
> wrote:
>
>        Hi all.
>
>        There's a facebook (possibly worm) something malicious
> sending fake
>        messages from real users (friends).
>
>        The sample also has a remote drop site (verified by someone
> who shall
>        remain nameless).
>
>        This is possibly zlob, not verified. Thanks Nick
> Bilogorskiy for his help.
>
>        Infection sites seen so far are on .pl domains.
>
>        The AV industry will soon add detection.
>        Facebook's security folks are very capable, so I am not
> worried on that
>        front.
>
>        It's not that we didn't expect this for a long time now,
> but...
>        Be careful. Some users know to be careful in email.. but
> not on facebook.
>
>        Note: unlike 2003 when we called everything a worm and the
> 90s when
>        everything was a virus--this is a bot which also
> spreads/infects on facebook.
>
>               Gadi.
>
>
>        --
>        "You don't need your firewalls! Gadi is Israel's firewall."
>            -- Itzik (Isaac) Cohen, "Computers czar", Senior Deputy
> to the Accountant General,
>               Israel's Ministry of Finance, at the government's
> CIO conference, 2005.
>
>            (after two very funny self-deprication quotes, time to
> even things up!)
>
>        My profile and resume:
>        http://www.linkedin.com/in/gadievron
>        _______________________________________________
>        Fun and Misc security discussion for OT posts.
>        https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
>        Note: funsec is a public and open mailing list.
>
>
>
>    _______________________________________________
>    Full-Disclosure - We believe in it.
>    Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>    Hosted and sponsored by Secunia - http://secunia.com/
>
> --
> Click here for great computer networking solutions!
>
> http://tagline.hushmail.com/fc/Ioyw6h4fM6mUaUAfTcWMkR2Fx209IMXh1QMeRcp6eoXffMEOga9j6I/
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>



-- 
http://www.goldwatches.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

References:
- [Full-disclosure] No subject
  - From: az-guy

Prev by Date: [Full-disclosure] [ MDVSA-2008:162 ] qemu
Next by Date: Re: [Full-disclosure] question
Previous by thread: [Full-disclosure] No subject
Next by thread: [Full-disclosure] facebook messages worm
Index(es):
- Date
- Thread