I ran into a few strange IMs over the weekend. When I was not shoveling out my driveway from the 15 inches of snow that covered it I was logged into Facebook telling people about it…. It was then that I started receiving some VERY interesting IMs from a friend extolling the virtues of a clean colon (yep – you read that right):
This lead to the following questionable site, which had some very interesting comments on McAfee SiteAdvisor site:
In short order I also received two more IMs. The first was a video (sound familiar???):
Which lead to a pretty darn good fake Facebook login page (note the SiteAdvisor warning on that page!):
The address this page was hosted on also had a VERY malicious reputation rating from McAfee TrustedSource technology:
Last but not least I got one that included sales pricing for Christmas!!! It is the holidays and scammers certainly like using seasonal trends:
This lead to a really well done “replicas” site with brands such as Rolex, Tiffany, Breitling and others:
I contacted my friend (who was certainly NOT the sending IMs knowingly) and got them fixed up pretty quickly. Not surprisingly it was a Koobface variant on the local machine they were logging into Facebook from.
Facebook is one of the greatest and most popular sites on the Internet today. It has a huge user base, and as such is heavily targeted by scammers and malware writers. Make sure the computer you are accessing it from has up-to-date and properly configured security software!