Jul21 |
11:42 pm (UTC-7) | by
Jonathan Leopando (Technical Communications) |
Advanced threats researcher Jonell Baltazar recently spotted an instant message that contains a link to a malicious page.
 |
The use of instant messages to spread malware is no longer new; neither is the use of URL shorteners. What is somewhat unusual is how these URL shorteners were used.
The URL shortener used in this attack, ow.ly, shortens long URLs using the format http://ow.ly/(5 alphanumeric characters). Note that the spammed URL was padded with the query string ?=www.facebook.com/photo.php. This can lead users to believe that they are going to a Facebook page to see a picture, as the instant message says. Unwitting users, failing to see the entire URL, are led to believe that they will land on a Facebook page instead of a malicious page.
Users should always exercise caution in clicking strange links, regardless of source—social media, email messages, or instant messages.
The malicious link downloads a worm detected by Trend Micro as WORM_YIMBOT.A. Smart Protection NetworkTM already protects Trend Micro product users from this attack. In addition, the site the shortened link targets has also been blocked.
Share this article |
 |
        |
Pingback: Facebook Temporarily Blocks All Ow.ly URL Shortener Links – Facebook Blog
Pingback: Facebook Temporarily Blocks All Ow.ly URL Shortener Links