full-disclosure-uk August 2008 archive
Main Archive Page > Month Archives  > full-disclosure-uk archives
full-disclosure-uk: Re: [Full-disclosure] No subject

Re: [Full-disclosure] No subject

From: James Matthews <nytrokiss_at_nospam>
Date: Fri Aug 08 2008 - 00:20:38 GMT
To: az-guy@hushmail.com


It;s the new facebook friend adder

On Wed, Aug 6, 2008 at 3:11 PM, <az-guy@hushmail.com> wrote:

> Not just Rouge apps, it's much more widespread: other colors such
> as magenta, mauve, fuschia, and even the extremes of pink and
> purple can also be impacted.
>
> On Wed, Aug 6, 2008 at 2:56 PM, John C. A. Bambenek, GCIH, CISSP
> <bambenek.infosec@gmail.com> wrote:
>
> What's the infection vector? URL Link? Rouge Facebook app?
>
> On Wed, Aug 6, 2008 at 4:44 PM, Gadi Evron <ge@linuxbox.org>
> wrote:
>
> Hi all.
>
> There's a facebook (possibly worm) something malicious
> sending fake
> messages from real users (friends).
>
> The sample also has a remote drop site (verified by someone
> who shall
> remain nameless).
>
> This is possibly zlob, not verified. Thanks Nick
> Bilogorskiy for his help.
>
> Infection sites seen so far are on .pl domains.
>
> The AV industry will soon add detection.
> Facebook's security folks are very capable, so I am not
> worried on that
> front.
>
> It's not that we didn't expect this for a long time now,
> but...
> Be careful. Some users know to be careful in email.. but
> not on facebook.
>
> Note: unlike 2003 when we called everything a worm and the
> 90s when
> everything was a virus--this is a bot which also
> spreads/infects on facebook.
>
> Gadi.
>
>
> --
> "You don't need your firewalls! Gadi is Israel's firewall."
> -- Itzik (Isaac) Cohen, "Computers czar", Senior Deputy
> to the Accountant General,
> Israel's Ministry of Finance, at the government's
> CIO conference, 2005.
>
> (after two very funny self-deprication quotes, time to
> even things up!)
>
> My profile and resume:
> http://www.linkedin.com/in/gadievron
> _______________________________________________
> Fun and Misc security discussion for OT posts.
> https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
> Note: funsec is a public and open mailing list.
>
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
> --
> Click here for great computer networking solutions!
>
> http://tagline.hushmail.com/fc/Ioyw6h4fM6mUaUAfTcWMkR2Fx209IMXh1QMeRcp6eoXffMEOga9j6I/
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
-- http://www.goldwatches.com/

_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/