
Sunday, November 14, 2010

Facebook Malware

A new Facebook malware distribution is making the rounds. Logging into Facebook and viewing this user's profile takes you to the following link.

Note the URL. Following that URL takes you to Twitter.


Note, I didn't log in to Twitter, but got the shortened URL. Following this URL takes you here.



Continuing on, you get this inst.exe file.
  
File: inst.exe
Size: 1224192
MD5:  24B3FC3FB1385089B9C21E0F938205F6



Running this installer executable results in this.


 

And this new running process.



http://tinyurl.com/myvideoblog17

http://gotoser.com/videoblog8




http://195.54.171.93/index.php?Lch=QlKyV&LW8=QG1QNjZTMTMcXl&I5oUH=H46L46UTV947&7l4=IV231F34U3I27O&1Xw8D=Y229RJ2WUC70Y&b1=KmddKERH&qM1=RWRkDA1wcwVicX4yUks3&F1N=5VIMF78CR4FM35FG&C574=0NVP9UV44GF&mkQO=IDtXT013TwJlCjUDS31Mfypk&Ry=NwlZKyVHWxFbIkRZ&44YZ=N2F88M84L83&2Zd=XD4EO6GV0OY74&RNq=rLCtK


http://94.63.246.69/index.php?O17y=VVEtLBGd&rIq=dUDVYBJWl5BAtlJ3RnNlMlAgBsbAcMAWIFfywuQS4%3D&19N=3PDAVS1Y32TU091W3&0g9M=K0&34w=GXK2Z3LD81775PMXJ9OX549S45Y8&U362N=5dn8NYWkAAhdiAgwlCj&HBn=ghaIyQgVyNPOC1&72UU=sNB4%2FN00pXG09MUxYV&m96w=sIT3hKfQUABgcKVzB0eVVicgBScg&6AxB=G93L6L576184RMK1SK97F75977AXHWUM
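The URLs listed above share a recognizable shape (a shortener hop, then a bare-IP host serving index.php with many short, digit-laden parameter names) that can be flagged in proxy or mail logs without fetching anything. The following is an added example, not part of the original post; the thresholds, the shortener list, and the third sample URL are assumptions made for illustration.

```python
import ipaddress
from urllib.parse import urlsplit, parse_qsl

# Assumed heuristics, tuned only to the URL shapes shown in this post.
SHORTENERS = {"tinyurl.com"}   # shortener seen in the chain above
MIN_KEYS = 8                   # the index.php URLs above carry 10+ parameters
MAX_KEY_LEN = 5                # every parameter name above is 5 chars or fewer

# First two entries are from the post; the third is constructed for this
# example (TEST-NET address, made-up parameters) in the same shape as the
# index.php URLs above. URLs are parsed as strings only, never fetched.
SAMPLES = [
    "http://tinyurl.com/myvideoblog17",
    "http://gotoser.com/videoblog8",
    "http://192.0.2.10/index.php?Ab1=XX&c2D=YY&3eF=ZZ&Gh4=QQ"
    "&i5J=RR&6kL=SS&Mn7=TT&o8P=UU",
]

def triage(url):
    """Return a list of heuristic flags for one URL."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    keys = [k for k, _ in parse_qsl(parts.query, keep_blank_values=True)]
    flags = []
    if host in SHORTENERS:
        flags.append("shortener")
    try:
        ipaddress.ip_address(host)       # raises ValueError for DNS names
        flags.append("ip-literal-host")
    except ValueError:
        pass
    # Hand-written parameter names rarely contain digits; generated ones do.
    digit_keys = sum(any(c.isdigit() for c in k) for k in keys)
    if (len(keys) >= MIN_KEYS
            and all(len(k) <= MAX_KEY_LEN for k in keys)
            and digit_keys * 2 >= len(keys)):
        flags.append("randomized-query-keys")
    return flags

def defang(url):
    """Rewrite a URL so it is not clickable when pasted into a report."""
    parts = urlsplit(url)
    host = (parts.hostname or "").replace(".", "[.]")
    rest = parts.path + ("?" + parts.query if parts.query else "")
    return parts.scheme.replace("http", "hxxp") + "://" + host + rest

if __name__ == "__main__":
    for u in SAMPLES:
        print(defang(u), triage(u))
```

A URL that raises both `ip-literal-host` and `randomized-query-keys` is worth a closer look; either flag alone is common in benign traffic.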