funsec mailing list archives

Re: facebook messages worm

From: "John C. A. Bambenek, GCIH, CISSP" <bambenek.infosec () gmail com>
Date: Thu, 7 Aug 2008 10:58:07 -0500

It's not just that they send out e-mails... they send out e-mails with
clickable links... it wouldn't be too hard to say:

Spam the world NOT through facebook, but to completely mimic a standard
facebook message.  Have a clickable link that shows the login URL, but
points to bad site, bad site drops in code and redirects you back to the
actual facebook login page.

Done right, could be real sexy.

Has anyone heard of digital signatures for e-mail? :)

On Thu, Aug 7, 2008 at 5:26 AM, Gadi Evron <ge () linuxbox org> wrote:

Yep!

Jeff Chan is really quick with adding malicious URLs, and as you
know--facebook sends out emails when you get a message there.

       Gadi.


On Thu, 7 Aug 2008, Martin Tomasek wrote:

spamassassin catched your email with following messages:

Content analysis details:   (8.6 points, 5.0 required)

pts rule name              description
---- ----------------------
--------------------------------------------------
2.0 URIBL_PH_SURBL         Contains an URL listed in the PH SURBL

blocklist

                           [URIs: zzzping.com]
2.1 URIBL_WS_SURBL         Contains an URL listed in the WS SURBL

blocklist

                           [URIs: zzzping.com]
2.5 URIBL_SC_SURBL         Contains an URL listed in the SC SURBL

blocklist

                           [URIs: zzzping.com]
2.0 URIBL_BLACK            Contains an URL listed in the URIBL blacklist
                           [URIs: zzzping.com]


:-))

--
Martin Tomasek

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

Current thread:

Re: [Full-disclosure] facebook messages worm Juha-Matti Laurio (Aug 06)
- Re: facebook messages worm Gadi Evron (Aug 06)
  - Re: facebook messages worm Martin Tomasek (Aug 07)
    - Re: facebook messages worm Gadi Evron (Aug 07)
    - Re: facebook messages worm John C. A. Bambenek, GCIH, CISSP (Aug 07)
    - Re: facebook messages worm Valdis . Kletnieks (Aug 07)
    - Re: facebook messages worm John C. A. Bambenek, GCIH, CISSP (Aug 07)
    - Re: facebook messages worm der Mouse (Aug 07)
    - Re: facebook messages worm Valdis . Kletnieks (Aug 07)
    - Re: facebook messages worm der Mouse (Aug 07)