Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:

  • Recent Posts

  • Calendar

    April 2014
    S M T W T F S
    « Mar    
     12345
    6789101112
    13141516171819
    20212223242526
    27282930  
  • About Us

    Can it be true that even terrorists are hooked on Facebook? And that the Feds are scouring the social networking site looking for them?

    Storm Worm puppet-masters seem to think so, or they just want everyone to go and find out if it’s true.

    Senior Threat Researcher David Sancho has recently discovered a spam run that supposedly tells about the FBI investigating possible terrorists in the popular social networking site Facebook.

    Here are screenshots of sample emails:

    Spammed email messages come with different URLs in the message and here’s a list of the ones our researchers have seen so far:

    • hxxp:// {BLOCKED}lueNews.com/
    • hxxp:// {BLOCKED}yNewsNetwork.com/
    • hxxp:// {BLOCKED}sWorld.com/
    • hxxp:// {BLOCKED}wsGames.com/
    • hxxp:// {BLOCKED}ewsRadio.com/
    • hxxp:// {BLOCKED}owNews.com/
    • hxxp:// {BLOCKED}sDailyNews.com/
    • hxxp:// {BLOCKED}sNewsRadio.com/
    • hxxp:// {BLOCKED}lyNews.com/

    All domains were found to have common name server records, which seems to have been registered in China. This suggests that all URLs were possibly registered by the same person(s) or organization.

    Clicking the link in the message connects the user to a Web site that displays the following:

    Of course, the save it link will not download an article, but a Storm variant instead. Clicking the link connects the user to hxxp:// {BLOCKED}sNewsRadio.com/fbi_facebook.exe, which is detected by Trend Micro as TROJ_NUWAR.DDJ.

    Our engineers are currently investigating the malware related to this spam run and will update this post as soon as possible. Meanwhile, Trend Micro has blocked access to all the abovementioned URLs.





    Share this article
    Get the latest on malware protection from TrendLabs
    Email this story to a friend   Technorati   NewsVine   MySpace   Google   Live   del.icio.us   StumbleUpon






     

    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice