A malicious campaign currently circulating across Facebook, targeting Turkish users and utilizing multi-layered monetization tactics, is attempting to trick users into thinking that they need to install a fake Adobe Flash Player, displayed on a fake YouTube video page, ultimately serving P2P-Worm.Win32.Palevo on the hosts of the socially engineered (international) users.
Let's dissect the campaign, expose its infrastructure in terms of shortened URLs, redirectors, affiliate network IDs, landing pages, the phone-back URLs used for pseudo-random Facebook content generation, and content hosted on legitimate infrastructure, and provide MD5s for the served malicious content.
Sample redirection chain: hxxp://m3mi.com/10469 ->
Dancho Danchev's Blog - Mind Streams of Information Security Knowledge: Facebook Spreading, Amazon AWS/Cloudflare/Google Docs Hosted Campaign, Serves P2P-Worm.Win32.Palevo