Overblog Tous les blogs Top blogs Marketing & Réseaux Sociaux Tous les blogs Marketing & Réseaux Sociaux
Editer l'article Suivre ce blog Administration + Créer mon blog
MENU
Publicité

facebook et le cheval de troye

23 Septembre 2008 , Rédigé par Sandrine Publié dans #networkings

petit message sécurité emis par Websense :

"Websense® Security Labs(TM) ThreatSeeker(TM) Network has discovered a new malicious social-engineering spam campaign masquerading as official emails sent by the popular Web 2.0 social-networking site, Facebook. The email is spoofed to appear from the domain facebookmail.com, an official domain used by Facebook for their outbound emails when notifying their users of an event.

It is common for Facebook to send an email to notify their users when another Facebook user adds them as a friend on the social network. However, the spammers included a zip attachment that purports to contain a picture in order to entice the recipient to double-click on it. The attached file is actually a Trojan horse.

A login page to Facebook is included in the body of the email. We have previously alerted on our discovery via our HoneyJax system about a viral Facebook phishing campaign, and thus would not be surprised if the login page presented was merely a fake front to a phishing site.

However, an examination of the HTML form's source code shows that it was indeed passing the user name/password to Facebook itself. This may be to increase the legitimacy of the email to evade reputation-based spam filters. "

Publicité
Partager cet article
Repost0
Pour être informé des derniers articles, inscrivez vous :
Commenter cet article