Re: facebook messages worm

[Juha-Matti Laurio <juha-matti.laurio () netti fi>]

Gadi Evron [ge () linuxbox org] kirjoitti: 
> On Sun, 10 Aug 2008, Juha-Matti Laurio wrote:
> > It appears that these stats from www.d9.pl are not accessible on Sat 9th Aug:
> >
> > "Bandwidth Limit Exceeded
> > The server is temporarily unable to service your request due to the site 
> > owner reaching his/her bandwidth limit. Please try again later."
>
> I have no idea, I was thinking either some new spreading happened, maybe 
> on myspace, they were attacked, or their uplink was sick of them.
>
> Up to when statistics worked, it wasn't that bad. Less than a million 
> infected.

Yes, that's possible. And the top activity period can be different in Facebook and MySpace.

> > But when checking the site on Friday youtube.xx.pl was not listed any more, 
> > what is the situation now?
>
> There were several other domains, as well.

The good news are, as mentioned at linked Facebook Blog post, that FB security team has  prevented linking to these 
sites. We hope that they blocked all of these sites.

Juha-Matti

> > Juha-Matti
> >
> > Gadi Evron [ge () linuxbox org] kirjoitti: 
> > > I am constantly updating on this on my twitter account to avoid list 
> > > clutter: http://twitter.com/gadievron
> > >
> > > You can watch the infection live on a web counter from the hosting provider 
> > > that the worm points to. This thing is fast-spreading.
> > >
> > >    Gadi.

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.