A malicious campaign currently circulating across Facebook, targeting Turkish users and relying on multi-layered monetization tactics, is attempting to trick users into thinking that they need to install a fake Adobe Flash Player, displayed on a fake YouTube video page, ultimately serving P2P-Worm.Win32.Palevo on the hosts of the socially engineered (international) users.
Let's dissect the campaign, expose its infrastructure in terms of shortened URLs, redirectors, affiliate network IDs, landing pages, the phone-back URLs used for pseudo-random generation of Facebook content, and the content hosted on legitimate infrastructure, and provide MD5s for the served malicious content.
Sample redirection chain: hxxp://m3mi.com/10469 ->
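The redirection chain above is the kind of hop-by-hop trail the rest of the dissection walks. As an added example (not part of the original post and not Danchev's own tooling), the script below follows Location headers one hop at a time instead of letting the HTTP client auto-redirect, converts the hxxp:// notation used on this page to and from live URLs, resolves relative redirects against the hop that issued them, stops on loops or a hop cap, and MD5-hashes whatever the final hop serves. The hostnames, the aff= parameter and the payload bytes in SAMPLE_RESPONSES are constructed for offline use and are not the campaign's infrastructure; http_fetch is the live variant, meant to be run only from an isolated analysis host.

```python
"""Walk a redirection chain one hop at a time, record every hop, and hash
what the last hop serves. Added illustration; the sample chain is constructed
and does not reproduce the campaign's real infrastructure."""
import hashlib
import urllib.error
import urllib.parse
import urllib.request
from typing import Callable, Dict, List, Optional, Tuple

# fetch(url) -> (HTTP status, Location header or None, response body)
Fetch = Callable[[str], Tuple[int, Optional[str], bytes]]


def refang(url: str) -> str:
    """Turn a defanged 'hxxp://' URL (the page's convention) back into a live one."""
    if url.startswith("hxxps://"):
        return "https://" + url[len("hxxps://"):]
    if url.startswith("hxxp://"):
        return "http://" + url[len("hxxp://"):]
    return url


def defang(url: str) -> str:
    """Defang a live URL for safe reporting, matching the page's hxxp:// style."""
    for live, safe in (("https://", "hxxps://"), ("http://", "hxxp://")):
        if url.startswith(live):
            return safe + url[len(live):]
    return url


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    """Refuse to follow 3xx automatically so that every hop is observed."""
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def http_fetch(url: str, timeout: float = 10.0) -> Tuple[int, Optional[str], bytes]:
    """Live fetcher for an isolated analysis VM. Not exercised offline."""
    opener = urllib.request.build_opener(_NoRedirect)
    try:
        with opener.open(url, timeout=timeout) as resp:
            return resp.status, None, resp.read()
    except urllib.error.HTTPError as err:
        # With _NoRedirect installed, 3xx responses surface here with their headers.
        return err.code, err.headers.get("Location"), err.read()


def follow_chain(start: str, fetch: Fetch, max_hops: int = 10) -> Dict:
    """Follow Location headers hop by hop.

    Returns the defanged list of hops, the last status seen, the MD5 of the
    final body (only when a 2xx response is served), and a 'stopped' reason
    when the chain loops or exceeds max_hops.
    """
    url = refang(start)
    hops: List[str] = []
    seen = set()
    result: Dict = {"hops": hops, "final_status": None, "md5": None, "stopped": None}
    while True:
        if url in seen:
            result["stopped"] = "loop"
            return result
        if len(hops) >= max_hops:
            result["stopped"] = "max_hops"
            return result
        seen.add(url)
        hops.append(defang(url))
        status, location, body = fetch(url)
        result["final_status"] = status
        if 300 <= status < 400 and location:
            # Redirectors often send relative Location values; resolve against this hop.
            url = urllib.parse.urljoin(url, location)
            continue
        if 200 <= status < 300:
            result["md5"] = hashlib.md5(body).hexdigest()
        return result


# Constructed sample chain (not the real infrastructure): shortener -> redirector
# carrying an affiliate-style parameter -> fake video page -> served "player".
SAMPLE_PAYLOAD = b"MZ-placeholder-bytes-standing-in-for-the-served-binary"
SAMPLE_RESPONSES = {
    "http://short.example/abc": (301, "http://redir.example/go?aff=1234", b""),
    "http://redir.example/go?aff=1234": (302, "/video/player-update", b""),
    "http://redir.example/video/player-update": (302, "http://landing.example/FlashPlayer.exe", b""),
    "http://landing.example/FlashPlayer.exe": (200, None, SAMPLE_PAYLOAD),
}


def sample_fetch(url: str) -> Tuple[int, Optional[str], bytes]:
    """Offline stand-in for http_fetch that replays SAMPLE_RESPONSES."""
    return SAMPLE_RESPONSES.get(url, (404, None, b""))


if __name__ == "__main__":
    report = follow_chain("hxxp://short.example/abc", sample_fetch)
    for hop in report["hops"]:
        print(hop)
    print("final status:", report["final_status"], "md5:", report["md5"])
```

Swap sample_fetch for http_fetch to trace a live chain; keep the hop cap, since affiliate redirectors that bounce on a User-Agent or Referer check can otherwise send an automated client round in circles.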
Dancho Danchev's Blog - Mind Streams of Information Security Knowledge: Facebook Spreading, Amazon AWS/Cloudflare/Google Docs Hosted Campaign, Serves P2P-Worm.Win32.Palevo