From last few months, Facebook has been widely targeted for scam and spreading malware, One of the those spreading worm I discovered recently was when I was chatting with my friend, The following message from the sudden appeared.
hehehI!!! lool http://tinyurl.com/Wooo-2841-jpgFrom the above screenshot, you can clearly see that tinyurl has been used to shorten the URL, One more thing to note is that it's not an image file as image files end with .JPG extension then -jpg.
The above screenshot describes a more clear picture of what you are going to download along with the JPG file. The exe is basically a Zeus Trojan, Zeus is one of the most popular botnets used for stealing sensitive information such as passwords, credit card numbers. One of it's popular feature is an Anti VM and Anti Sandbox capability, Making it useless for testing it inside virtual environments.
A scan at Virus total shows that only 3/18 URL scanners were able to detect it as a malware site, Rest of them failed.
Source -
rafayhackingarticles
No comments:
Post a Comment