What's up with these two messages I found in my Facebook inbox this morning? Is this some new virus?
Both are addressed to "Hi {RAND}" and have multiple recipients listed. Both contain a single URL followed by a 5-digit number as the message, but the URLs -- and the numbers -- are different. One message reads
bulitre.com (55355)
The other reads
junfunrun.com (95337)
Neither of the URLs is set up as a link so if you did want to check out the pages you would have to type in the address. That combined with the {RAND} in the greeting suggests this is a pretty clumsy attack. Somebody didn't test their code I guess.
On the other hand, I did receive two of these things already, one sent at close to 1 am this morning (Monday June 29) from a California based-user. The other was sent at 10:30 this morning from a Toronto-based Facebooker. So it does seem like this thing is spreading.
If anyone has more info, I'd love to hear it.
**UPDATE**
From Robert McMillan at CSO Security and Risk:
Facebook users are getting private messages from firends this morning containing the words Hi (Rand) and a link to a Web page.
Not surprisingly, this is a scam. In fact the link takes you to a Web site that attacks your computer.
Roger Thompson, Chief Research Officer with AVG Technologies say's the attack appears to be based on the Luckysploit toolkit, which throws a big whack of different attacks -- IE, Adobe, etc -- at your browser. If you're not fully patched, then it installs a rootkit on your PC.
I've seen a message that includes a link to the bulitre. com (don't go to these domains, they will attack you) and in Twitter messages Facebook users also mention the domain junfunrun . com. (which shares the same IP address).
