Trust is vital, and cybercriminals know that there’s a higher probability that you will click on a link sent by a trusted friend, not from a complete stranger.
Yesterday, one of my Facebook friends sent me a direct message indicating that his host has been compromised, and is currently being used to send links to a malicious .zip archive through direct messages to all of his Facebook friends.
More details:
Sample screenshot of the spamvertised direct download link:
Sample compromised URLs used in the direct messages:
hxxp://thegrottospa.com/6XX6l91m24m4x01B8
hxxp://vebest.com/NNbccq491rr4II002
hxxp://goplayersedge.com/429XbppG7702D8HV6
All of these redirect to hxxp://74.208.231.61:81/l.php (tomascloud.com, AS8560), where the user is served a direct download link for Picture15.JPG.zip.
Detection rate: MD5 dfe23ad3d50c1cf45ff222842c7551ae is detected by 20 out of 43 antivirus scanners as Trojan.Win32.Bublik.iez and Worm:Win32/Slenfbot.
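The redirect chain above has several traits that a defender can score automatically: a landing page on a bare IP address, a non-standard port, and a payload filename with an image extension in front of the archive extension. The following Python triage check is an added example written for this post, not Webroot's or the author's code. The first two URLs in the sample chain come from the post (refanged from hxxp); the final download URL is constructed, since the post names the file but not its full path.

```python
import ipaddress
from typing import Dict, List
from urllib.parse import urlparse

# Extensions that, when stacked like "name.JPG.zip", suggest an archive
# disguised as a picture.
IMAGE_EXTS = {"jpg", "jpeg", "png", "gif", "bmp"}
ARCHIVE_EXTS = {"zip", "rar", "7z"}


def host_is_bare_ip(host: str) -> bool:
    """True when the URL host is a literal IPv4/IPv6 address, not a name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def double_extension(filename: str) -> bool:
    """True for filenames like Picture15.JPG.zip (image ext + archive ext)."""
    parts = filename.lower().split(".")
    return len(parts) >= 3 and parts[-2] in IMAGE_EXTS and parts[-1] in ARCHIVE_EXTS


def score_redirect_chain(chain: List[str]) -> Dict[str, object]:
    """Score a list of URLs (first click -> final download) for the traits
    seen in this campaign. Two or more reasons mark the chain suspicious."""
    if not chain:
        return {"suspicious": False, "reasons": [], "hops": 0}

    last = urlparse(chain[-1])
    reasons: List[str] = []

    if host_is_bare_ip(last.hostname or ""):
        reasons.append("final hop served from a bare IP address")

    if last.port not in (None, 80, 443):
        reasons.append(f"non-standard port {last.port}")

    filename = last.path.rsplit("/", 1)[-1]
    if double_extension(filename):
        reasons.append(f"double extension in '{filename}'")

    return {
        "suspicious": len(reasons) >= 2,
        "reasons": reasons,
        "hops": len(chain) - 1,
        "final_url": chain[-1],
    }


# Constructed sample chain: hops 1 and 2 are the post's own indicators,
# hop 3 is an assumed full path for the file the post names.
SAMPLE_CHAIN = [
    "http://thegrottospa.com/6XX6l91m24m4x01B8",
    "http://74.208.231.61:81/l.php",
    "http://74.208.231.61:81/Picture15.JPG.zip",
]

# Constructed benign chain for comparison: named host, standard port, plain image.
BENIGN_CHAIN = [
    "https://example.com/photos",
    "https://cdn.example.com/photo.jpg",
]

if __name__ == "__main__":
    for chain in (SAMPLE_CHAIN, BENIGN_CHAIN):
        result = score_redirect_chain(chain)
        print(result["final_url"], "->", "SUSPICIOUS" if result["suspicious"] else "ok")
        for reason in result["reasons"]:
            print("   -", reason)
```

The threshold of two reasons keeps a lone bare-IP download (common for legitimate internal file shares) from firing on its own; the combination of an IP host, an odd port and a disguised archive is what matches the pattern described in this post.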
Webroot SecureAnywhere users are proactively protected from these threats.
You can find more about Dancho Danchev at his LinkedIn Profile. You can also follow him on Twitter.