Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: Facebook phishing malware - SANS Internet Storm Center SANS ISC InfoSec Forums

Participate: Learn more about our honeypot network

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Facebook phishing malware

Looks like there may be a piece of malware out there is sending out messages to folks on Facebook trying to trick them into visiting a facsimile "Facebook" login page to steal credentials.  The phishing site is currently on "," so you may want to block that site.  More details as we figure this thing out. (Thanks to Kent for the heads up!)


160 Posts
May 4th 2009
o summarize, this is a Facebook credential stealing scam, that uses a phishing site to resemble the Facebook login page. It harvests credentials, and then uses those credentials to spread the notification to the FB friends of the victim. No malware installs are needed to steal one’s credentials, just gullibility. UPDATE 1435 GMT May 2009. now serving "legit" Viagra advertisements. Firefox reporting as a forged site, and was pointing to (localhost). Apparently the FB and MarkMonitor security teams were on this within a few hours. Counterfeit Viagra is only illegal where the patent and trademark can be enforced.

Sign Up for Free or Log In to start participating in the conversation!