Don't use that new Facebook Toolbar, I mean backdoor!

Search Blog Archives

Recent Posts

Internet Explorer Zero-day Vulnerability (CVE-2013-1347) [Updated]
WebShells WebShells on the Web Server
Cyber Criminals Exploiting the Boston Marathon Aftermath [UPDATED]
DNS Poisoning Hits Kenya Google, MSN, Skype...
Margaret Thatcher's Death Used in Cyber Attacks
How are Java attacks getting through?

Archives

Categories

Websense

Social Media Center
Contact Us
Report malicious activity
Visit the Websense Insights blog
Subscribe to RSS feed
About us
About Websense
Websense.com

Security Sites

Adobe PSIRT
Internet Storm Center
Microsoft MSRC
US-CERT

Don't use that new Facebook Toolbar, I mean backdoor!

Posted: 11 May 2010 08:20 AM

Today our email honeypots found a new message that purported to be from Facebook, advertising a new toolbar. The From line was spoofed to look like the message had actually been sent from the Facebook team. There is no specific recipient name in the message, so it's very generic in how it's addressed. When a recipient downloads and runs the toolbar.exe file (SHA1 51bcf2fc766e7e59f9b8face45b18843a36f37a5) using a link in the message, they are installing a backdoor with decent coverage as a Zapchast IRC backdoor threat.

Screenshot of the malicious Facebook Toolbar email:

Websense Messaging and Websense Web Security customers are protected against this attack.

Chris Astacio

no comments

Name: (required)
Email address: (required)
Comments
Remember me

Leave a Comment