Websense’Security Alert about Facebook
March 2009 by Websense
Websense Security Labs ThreatSeeker Network has received reports of spoofed Facebook email messages that contain malicious links. The messages look similar to legitimate Facebook messages and invite recipients to click on the link contained in the message to view a video.
Message subjects seen have been:
FaceBook message: Dancing Girl Drunk In The Pub- facebook Video (Last rated by Betsy Person)
FaceBook message: Dancing girl oriental dance ... (Last rated by Abdul Kay)
FaceBook message: Magnificent Striptease Dance (Last rated by Rosalind Lindsey)
FaceBook message: Watch the Oooh! Super Beautiful Girl Dancing (Last rated by Delores Tucker)
FaceBook message: Hot Girl Dancing At Striptease Dance Party
If recipients of this message click the link, they are taken to a malicious Web site that looks similar to Facebook and that prompts them to install a file called "Adobe_Player11.exe". This file (SHA1 70456cd86d458452ee172a791cf1b9cfaf944ef0) has very little anti-virus coverage, according to Virustotal.
Websense Messaging and Websense Web Security customers are protected against this attack.