By Dancho Danchev
Trust is vital, and cybercriminals know that you are more likely to click on a link sent by a trusted friend than on one from a complete stranger.
Yesterday, one of my Facebook friends sent me a direct message indicating that his host has been compromised, and is currently being used to send links to a malicious .zip archive through direct messages to all of his Facebook friends.
Sample screenshot of the spamvertised direct download link:
Same compromised direct URLs used in the direct messages:
All of these redirect to hxxp://220.127.116.11:81/l.php – tomascloud.com – AS8560, where the user is presented with a direct download link for Picture15.JPG.zip.
Detection rate: MD5: dfe23ad3d50c1cf45ff222842c7551ae – detected by 20 out of 43 antivirus scanners as Trojan.Win32.Bublik.iez; Worm:Win32/Slenfbot
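Two traits visible in this campaign can be checked in proxy or download logs: a download served from a bare IP address on a non-standard port, and a file name that places an image extension before an archive extension (Picture15.JPG.zip). The following is an added example, not part of the original post; the extension lists, function names and the two benign records are assumptions constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumed extension lists for illustration; tune to your environment.
MEDIA_EXT = {"jpg", "jpeg", "png", "gif", "bmp"}
CONTAINER_EXT = {"zip", "rar", "7z", "exe", "scr"}

def refang(url):
    """Make a defanged indicator (hxxp://, [.]) parseable again."""
    if url.lower().startswith("hxxp"):
        url = "http" + url[4:]
    return url.replace("[.]", ".")

def deceptive_name(filename):
    """True when an image extension precedes an archive/executable one."""
    parts = filename.lower().split(".")
    return len(parts) >= 3 and parts[-2] in MEDIA_EXT and parts[-1] in CONTAINER_EXT

def ip_literal_odd_port(url):
    """True when the host is an IP literal and the port is not 80/443."""
    try:
        parts = urlsplit(refang(url))
        ipaddress.ip_address(parts.hostname or "")
        return parts.port not in (None, 80, 443)
    except ValueError:  # not an IP literal, or malformed port
        return False

def triage(records):
    """records: (url, downloaded_filename) pairs -> [(url, [reasons])]."""
    hits = []
    for url, filename in records:
        reasons = []
        if ip_literal_odd_port(url):
            reasons.append("ip-literal-nonstandard-port")
        if deceptive_name(filename):
            reasons.append("media-then-archive-extension")
        if reasons:
            hits.append((url, reasons))
    return hits

SAMPLE = [
    ("hxxp://220.127.116.11:81/l.php", "Picture15.JPG.zip"),    # values from the post
    ("https://example.com/albums/holiday.jpg", "holiday.jpg"),  # constructed, benign
    ("http://192.0.2.10/backup.zip", "backup.zip"),             # constructed, benign
]

if __name__ == "__main__":
    for url, reasons in triage(SAMPLE):
        print(url, reasons)
```

Either signal alone produces false positives, so treat the output as a triage queue rather than a verdict.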
Webroot SecureAnywhere users are proactively protected from these threats.