Security Labs


  digg   |   |     reddit
  newsvine   |     furl   |     technorati

Fake Facebook "dancing girl" Video Leads to Malware


Threat Type: Malicious Web Site / Malicious Code

Websense® Security Labs™ ThreatSeeker™ Network has received reports of spoofed Facebook email messages that contain malicious links. The messages look similar to legitimate Facebook messages and invite recipients to click on the link contained in the message to view a video.

Message subjects seen have been:

FaceBook message: Dancing Girl Drunk In The Pub- facebook Video (Last rated by Betsy Person)
FaceBook message: Dancing girl oriental dance ... (Last rated by Abdul Kay)
FaceBook message: Magnificent Striptease Dance (Last rated by Rosalind Lindsey)
FaceBook message: Watch the Oooh! Super Beautiful Girl Dancing (Last rated by Delores Tucker)
FaceBook message: Hot Girl Dancing At Striptease Dance Party

Screenshot of the spoofed Facebook message:


If recipients of this message click the link, they are taken to a malicious Web site that looks similar to Facebook and that prompts them to install a file called "Adobe_Player11.exe". This file (SHA1 70456cd86d458452ee172a791cf1b9cfaf944ef0) has very little anti-virus coverage, according to Virustotal.

Screenshot of the malicious site:


Websense Messaging and Websense Web Security customers are protected against this attack.