I am constantly updating on this on my twitter account to avoid list clutter: http://twitter.com/gadievron
You can watch the infection live on a web counter from the hosting provider that the worm points to. This thing is fast-spreading. Gadi. On Wed, 6 Aug 2008, Gadi Evron wrote: > Hi all. > > There's a facebook (possibly worm) something malicious sending fake > messages from real users (friends). > > The sample also has a remote drop site (verified by someone who shall > remain nameless). > > This is possibly zlob, not verified. Thanks Nick Bilogorskiy for his help. > > Infection sites seen so far are on .pl domains. > > The AV industry will soon add detection. > Facebook's security folks are very capable, so I am not worried on that > front. > > It's not that we didn't expect this for a long time now, but... > Be careful. Some users know to be careful in email.. but not on facebook. > > Note: unlike 2003 when we called everything a worm and the 90s when > everything was a virus--this is a bot which also spreads/infects on facebook. > > Gadi. > > > -- > "You don't need your firewalls! Gadi is Israel's firewall." > -- Itzik (Isaac) Cohen, "Computers czar", Senior Deputy to the Accountant > General, > Israel's Ministry of Finance, at the government's CIO conference, 2005. > > (after two very funny self-deprication quotes, time to even things up!) > > My profile and resume: > http://www.linkedin.com/in/gadievron > _______________________________________________ > Fun and Misc security discussion for OT posts. > https://linuxbox.org/cgi-bin/mailman/listinfo/funsec > Note: funsec is a public and open mailing list. > _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/