Facebook phishing malware

Published: 2009-05-04
Last Updated: 2009-05-04 14:47:00 UTC
by Tom Liston (Version: 1)
1 comment(s)

Looks like there may be a piece of malware out there is sending out messages to folks on Facebook trying to trick them into visiting a facsimile "Facebook" login page to steal credentials.  The phishing site is currently on "junglemix.in," so you may want to block that site.  More details as we figure this thing out. (Thanks to Kent for the heads up!)

1 comment(s)

Comments

o summarize, this is a Facebook credential stealing scam, that uses a phishing site to resemble the Facebook login page. It harvests credentials, and then uses those credentials to spread the notification to the FB friends of the victim. No malware installs are needed to steal one’s credentials, just gullibility. UPDATE 1435 GMT May 2009. Junglemix.in now serving "legit" Viagra advertisements. Firefox reporting fbstarter.com as a forged site, and fblight.com was pointing to 127.0.0.1 (localhost). Apparently the FB and MarkMonitor security teams were on this within a few hours. Counterfeit Viagra is only illegal where the patent and trademark can be enforced.

Diary Archives