Panda Security Mediacenter

Facebook spam leads to Exploit Kit

Unsurprisingly, the Blackhole Exploit Kit is still trying to infect users. One commonly used technique is to send the victim an email that appears to come from, for example, Facebook, LinkedIn, Twitter, …, asking the recipient to click on a link.

We’ll take a small peek at those tactics. We received the following email:

 

Hi ,

You have disabled your Facebook account. You can restore your account at any moment by logging into Facebook using your old login email address and password. Subsequently you will be able to use the site in usual way.

Thanks,
The Facebook Team

Obviously, Facebook didn’t disable your account at all. Several factors make it easy to determine that this email is fake:

When clicking on any of the links, you are presented (after several redirects) with the Blackhole Exploit Kit (aka BH EK). It tries to load a Java exploit on the machine by first detecting which plugins and Java version you are using:

 

The payload? Probably ransomware or a Banker Trojan.

Prevention

Use the NoScript add-on in Firefox or NotScripts in Chrome to prevent this.

Use the WOT add-on to check on the status of a website.

Use your common sense and ask yourself the proper questions (see below).

Use a URL scanner if you’re unsure about a URL. Some examples are VirusTotal, URLvoid and URLquery.
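Before a link is handed to a URL scanner, its real destination can be read out of the message without clicking anything. The sketch below is an added example, not code from the original post: it checks the sender domain and lists every link host that does not belong to the brand the email claims to come from. The sample message, the `example.invalid` hosts and the `BRAND_DOMAINS` list are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

BRAND_DOMAINS = ("facebook.com", "facebookmail.com")  # assumption: domains accepted as genuine

class _Links(HTMLParser):
    """Collect the href of every <a> tag in an HTML body."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.hrefs.append(href)

def _is_brand(host, brand_domains):
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in brand_domains)

def triage(raw_message, brand_domains=BRAND_DOMAINS):
    """Return (sender_ok, off_brand_hosts) for a message claiming to be from the brand."""
    msg = message_from_string(raw_message)
    sender_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    parser = _Links()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            payload = part.get_payload(decode=True)
            parser.feed(payload.decode(part.get_content_charset() or "utf-8", "replace"))
    hosts = {urlsplit(h).hostname for h in parser.hrefs}
    off_brand = sorted(h for h in hosts if h and not _is_brand(h, brand_domains))
    return _is_brand(sender_domain, brand_domains), off_brand

# Constructed sample message, not the email shown in the post.
SAMPLE = """\
From: Facebook <notification@facebook.com.example.invalid>
Subject: You have disabled your Facebook account
Content-Type: text/html; charset="utf-8"

<p>You can restore your account by
<a href="http://landing.example.invalid/restore.html">logging into Facebook</a>.</p>
<a href="https://www.facebook.com/help">Help</a>
"""

if __name__ == "__main__":
    print(triage(SAMPLE))
```

The hosts it returns are the ones worth submitting to a scanner; a sender domain that merely starts with `facebook.com` fails the check because only exact matches and true subdomains are accepted.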

Conclusion

As usual with this kind of email, stay alert and always ask yourself the proper questions:

Use your common sense, update your third-party applications as well as Windows, and use a decent antimalware and antivirus product, like Panda Cloud Antivirus free.

Source: http://bartblaze.blogspot.be/2013/01/facebook-spam-leads-to-exploit-kit.html
