New Storm campaign uses FBI access to Facebook as bait


Just what the world needs, another Storm campaign. This is an example of the mixed threat that modern worms such as Storm and Kraken pose. It uses social engineering -- in this case threatening Facebook users' privacy -- to bring victims to a page that launches both browser-based threats (an iFrame attack) and a trojan horse download.

From the Trusted Source blog:

It's another new Storm campaign on the loose, with a minor change in the social-engineering trick. Mail with subjects like "FBI wants instant access to Facebook" is hitting users' inboxes at the moment. If a user follows the trick, he will be presented with the following web site:

[Image: 50_20080728-Storm_FBIvsFaceBook]

As usual, the fake web site is hosted on an infected Storm web proxy. The text states that "Your download will start shortly. If you are unable to read the article, save it in and run on your computer". If you follow the lure and click the link you'll end up with an executable named "fbi_facebook.exe". This is the malware - don't run it. Again, the malware authors don't just rely on pure social-engineering; the web site also fires a set of browser exploits leveraging known vulnerabilities. [From TrustedSource - Blog - FBI vs. Facebook - Makes Any Sense?]
