최근 나의 구글 멜로 Face북에 친구 요청 메일이 많아 졌다. (참고로 전 페북은 활동이 저조합니다.--;)
이런 메일을 통한 악성 malware를 배포하는 공격이 빈번하다고 한다.
이 메일을 클릭하면 숨겨진 iframe으로 악성 파일을 받아 당신의 컴퓨터를 좀비 피씨로 만들 수 있다.
내용은 아래와 같다.
Fake Facebook friend request, now with hidden iFrame
[출처]http://www.net-security.org/malware_news.php?id=1820
이런 메일을 통한 악성 malware를 배포하는 공격이 빈번하다고 한다.
이 메일을 클릭하면 숨겨진 iframe으로 악성 파일을 받아 당신의 컴퓨터를 좀비 피씨로 만들 수 있다.
내용은 아래와 같다.
Fake Facebook friend request, now with hidden iFrame
A slight variation of last week's Facebook friend request spam email campaign has been spotted targeting the social network's users, and this one employs a two-pronged method of attack.
The email mimics Facebook's legitimate friend request message, but there are a few details that might tip off the recipient off to the real nature of the email: the picture of the person who wants to be friends with the user is not included, and the recipient's email address is omitted from the text in the bottom of the email.
But, let's say that the recipient has been fooled, and he clicks on the "Confirm friend request" button. As in the previous scam, he is taken to a fake Facebook page saying that his version of Macromedia Flash Player is too old to continue, and offering a link for downloading the latest version of the player.
But that's not all - the page now also includes a hidden iFrame that loads data from a remote server hosting the Blackhole Exploit Kit, say M86 Security researchers.
The exploit kit tries to take advantage of Java vulnerabilities in the recipient's system and if it succeeds, it downloads what seems to be a variant of the Zeus banking Trojan.
The email mimics Facebook's legitimate friend request message, but there are a few details that might tip off the recipient off to the real nature of the email: the picture of the person who wants to be friends with the user is not included, and the recipient's email address is omitted from the text in the bottom of the email.
But, let's say that the recipient has been fooled, and he clicks on the "Confirm friend request" button. As in the previous scam, he is taken to a fake Facebook page saying that his version of Macromedia Flash Player is too old to continue, and offering a link for downloading the latest version of the player.
But that's not all - the page now also includes a hidden iFrame that loads data from a remote server hosting the Blackhole Exploit Kit, say M86 Security researchers.
The exploit kit tries to take advantage of Java vulnerabilities in the recipient's system and if it succeeds, it downloads what seems to be a variant of the Zeus banking Trojan.
[출처]http://www.net-security.org/malware_news.php?id=1820
'위험한_친구들 > 십자군_XSS' 카테고리의 다른 글
| Cookiejacking (0) | 2011.09.15 |
|---|---|
| 홍커쪽 XSS 체크리스트 (0) | 2011.09.14 |
| XSSed project (0) | 2011.08.31 |
| HTML Code Injection and Cross-site scripting (0) | 2011.08.31 |
| XSS-Harvest / xss-harvest.pl (0) | 2011.08.29 |
