Facebook Worm, Part 2
As I wrote yesterday, our IT Manager warned us of a Facebook worm that is making the rounds. Below is an e-mail from him with updated information on this:
“I have some new information about the Facebook Worm.
“As I said yesterday, there are other ways this worm is being distributed. This morning I received the attached email which, when you click the link, redirects you to a page that attempts to install a keylogger; this is the same type of attack that the Facebook worm is conducting. What makes this one particularly bad for the agency is it looks like a legitimate CNN news alert, and redirects you to a legitimate-looking CNN video page that attempts to install a keylogging software package. The phishing emails that are being sent are so legitimate-looking that they are getting past even the most sophisticated spam filters, including ours.
“The keylogging software it installs is designed to steal your passwords to our network, your banking and credit card sites, and any other useful info that you type in on your computer. Once it has this info it is sending it to a server in Eastern Europe.
“I also said that it is attacking Windows users, but it appears that it is also attacking Firefox users on Macs and PCs, as well as any Windows computer. So in short, DO NOT assume that if you are on a Mac this does not impact you.
“Please be on the lookout for these suspicious-looking emails, as I suspect we will see more attacks like this that appear to come from other legitimate sources. If you are asked to install a video player update or Flash update from your web browser, DO NOT DO IT. Force Quit or shut down your browser right away!”


