Threat Level: green Handler on Duty: Russ McRee

SANS ISC: Facebook phishing malware - SANS Internet Storm Center SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Facebook phishing malware

Looks like there may be a piece of malware out there is sending out messages to folks on Facebook trying to trick them into visiting a facsimile "Facebook" login page to steal credentials.  The phishing site is currently on "junglemix.in," so you may want to block that site.  More details as we figure this thing out. (Thanks to Kent for the heads up!)

Tom

160 Posts
ISC Handler
o summarize, this is a Facebook credential stealing scam, that uses a phishing site to resemble the Facebook login page. It harvests credentials, and then uses those credentials to spread the notification to the FB friends of the victim. No malware installs are needed to steal one’s credentials, just gullibility. UPDATE 1435 GMT May 2009. Junglemix.in now serving "legit" Viagra advertisements. Firefox reporting fbstarter.com as a forged site, and fblight.com was pointing to 127.0.0.1 (localhost). Apparently the FB and MarkMonitor security teams were on this within a few hours. Counterfeit Viagra is only illegal where the patent and trademark can be enforced.
Anonymous

Sign Up for Free or Log In to start participating in the conversation!