PDA

View Full Version : Facebook Virus attack?



Billy T
15-02-2010, 09:06 AM
Hi Team

Mailwasher picked up this email, which looks to me like an attack on Facebook users. I'm not an FB user (gross waste of PF1 time) but it is bound to catch a few.

Cheers

Billy 8-{)


Subject: updated account agreement
Date: Sun, 14 Feb 2010 14:07:03 +0100
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="----=_NextPart_000_0006_01CAAD76.99FCACE0"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.2180
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180

This is a multi-part message in MIME format.

------=_NextPart_000_0006_01CAAD76.99FCACE0
Content-Type: text/plain;
format=flowed;
charset="iso-8859-1";
reply-type=original
Content-Transfer-Encoding: 7bit

Dear Facebook user,

Due to Facebook policy changes, all Facebook users must submit a new, updated account agreement, regardless of their original account start date.
Accounts that do not submit the updated account agreement by the deadline will have restricted.

Please unzip the attached file and run “agreement.exe” by double-clicking it.

Thanks,
The Facebook Team

------=_NextPart_000_0006_01CAAD76.99FCACE0
Content-Type: application/zip;
name="agreement.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
filename="agreement.zip"

------=_NextPart_000_0006_01CAAD76.99FCACE0--

--0-103709292-1266176410-29999

Sweep
15-02-2010, 09:21 AM
http://pressf1.co.nz/showthread.php?t=107236

pkm
15-02-2010, 09:25 AM
Interesting how its a old school zipped exe. I think a link to a login page is 100x more better phishing.

pctek
15-02-2010, 09:59 AM
One: You have to be gullible to believe that
Two:The email address no doubt gives big clues
Three: They want you to do all the work don't they? Unzip it and then run it. Couldn't even be bothered getting it to auto-launch.

Four: No doubt loads of gullible idiots will run it........sigh.

Agent_24
15-02-2010, 10:12 AM
Yeah, I get several of these style emails a week

PinoyKiw
15-02-2010, 10:13 AM
Mailwasher has been detecting this Facebook scam for about a week now.

And I know someone who has already run foul of it.

".....but it was from Facebook....." she rattled off.

Didn't even bother to try work out the issue's, just wiped her hardrive and reinstalled windows and her programs.

And her AntiVirus / Firewall. Nortons Security. It either never detected the virus or it was out of date.

All she lost was any recent email contacts as her store folder and all her data was on another partition. At least she followed my advice and kept her data backed on another partition.

She will hopefully learn from this............?

fred_fish
15-02-2010, 10:30 AM
Doesn't matter that the data was on another partition, if it was accessible to the compromised system, then it too could be infected.

PinoyKiw
15-02-2010, 12:21 PM
She hasn't called to complain so possible her data drive was ok.

I did install Comodo and the MS Security and left it doing a scan when I left, of course she might have cancelled the scan.

Her problem if she has, I have had one of those weekends with my own computer problems.

fred_fish
15-02-2010, 01:13 PM
It probably is, I haven't seen any malware for a long time that attaches itself to other executables, must be unfashionable in the leet haxor community.
I suppose it is easier to exploit existing MS code than to write your own :)