Notorious Cocktail Attack via Facebook Phishing Campaign

Apart from a general password phishing attack, Facebook threats, in actual terms, serve users with a dangerous concoction of malicious infections, which will leave various end-points directly for the cyber assailants, warned researchers at the security firm McAfee.

While explaining these cocktail attacks, experts informed that the users are greeted with an e-mail message. This message notifies them about their changed Facebook account passwords, which are provided in zip file attached with the message.

Once the user accesses this zip file, a file with a spreadsheet icon is displayed on his/her screen. The file drops the payload and deletes itself when it is opened by the user to view the password. Malware, after being installed onto the system, establishes a link with the attacker's server via HTTP port. It then seeks to download additional malicious payloads on the compromised machine.

Further, the malware also downloads a keylogger, which is run secretly. The second attack looks for any keystrokes, in order to obtain important information, like the login ID password, social security and credit card numbers, etc. The malware then sends this information to a server located at some remote place using backdoor created by it.

Moreover, unsurprisingly at this point of time, the attack also loads a rogue AV scanner application. This application further disables other applications including Windows Wordpad and Notepad, and it continues till the user agree to purchase additional malware cleansing tools, added security experts.

Allegedly, the attack doesn't target Internet Explorer as IE is required to contact its malware server.

It is quite clear that the campaign is just an attack awaiting. However, most messages appear to be fairly reasonable and real, using same fonts and logo images, used by the networking site itself.

The experts, finally, informed the users that waves of Internet threat are making rounds across the Web on a daily basis. Hence, users must be alert and must not click on the links provided in these e-mails. They must also not open any sort of attachment available in the link, so as to avoid being a victim of such attacks.

Related article: Notorious Russian ISP RBN Hacked Bank of India Website

» SPAMfighter News - 11/18/2009