/>
X

Facebook phishing campaign serving ZeuS crimeware

In need of a good reason not to click on links found in spam or phishing emails? A currently ongoing Facebook phishing campaign is not only attempting to phish fresh Facebook accounting data, but is also serving client-side exploits.
Written by Dancho Danchev on

In need of a good reason not to click on links found in spam or phishing emails?

A currently ongoing Facebook phishing campaign is not only attempting to phish fresh Facebook accounting data, but is also serving client-side exploits through a copycat web malware exploitation kit known as the Phoenix Exploit Kit.

More details on the campaign:

Subject: photos of sex with my new girlfriend

Message: i remember you asked me for photos of sex with my new girlfriend. Take the url: upload.malware.tld/vb073fl/

Upon clicking on the link, the user is redirected to the phishing page auth.facebook.com.malware.tld/vb073fl/LoginFacebook.php where a tiny iFrame attempts to exploit the following -- naturally outdated -- client-side vulnerabilities part of the kit's default setup:

  • IE6 MDAC
  • IE7 MEM COR onWindows XP/Windows Vista
  • IE6/IE7 D SHOW
  • MS Office Snapshot
  • PDF Collab/printf/getIcon on Adobe Reader
  • Firefox Embed
  • Flash 9
  • JAVA/JRE
  • Flash 10 10.0.12.36 and 10.0.22.87

What's particularly interesting about this campaign is the fact that it's part of the multitasking efforts on behalf of the cybercriminals behind last week's "Zeus Crimeware/Client-Side Exploits Serving Campaign in the Wild" campaign using the "PhotoArchive" and the "IRS Fraud Application Claims" themes.

Both campaigns use the same iFrame client-side exploit serving domains.

Don't "take the URL" they're offering you, and ensure that you put basic security auditing practices into action - such as least privilege accounts; sandboxing; client-side flaws patching, and a well configured NoScript for Firefox users.

Related

Why you should really stop charging your phone overnight
iphone-charging.jpg

Why you should really stop charging your phone overnight

iPhone
Google Fiber expands for first time in five years, and is coming to five new states
home-broadband.jpg

Google Fiber expands for first time in five years, and is coming to five new states

Broadband
Samsung phone deal: Get the Galaxy S22 Ultra for $299
1296x729-29

Samsung phone deal: Get the Galaxy S22 Ultra for $299

Smartphones