Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: Facebook phising using Belgium (.be) domains - Internet Security | DShield SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Facebook phising using Belgium (.be) domains

This is not new or exciting, but as we have received several reports during the weekend (thanks to all that wrote in - Kevin, Mike, Rick), you all should know what is going on. It seems a new Facebook phising/spam/"worm" campaign is doing the rounds. It uses Belgium domains (.be) to impersonate the Facebook login page and steal the user credentials.

Some of the malicious domains being used are redfriend dot be, redbuddy dot be, picoband dot be... (at this point, none of them can be resolved).

It's recommended to filter access to all them (and the others coming)!

--
Raul Siles
www.raulsiles.com

Raul Siles

152 Posts
I got this in a message on facebook: "wwww whiteflash be". Facebook deleted the message themselves and when I go to the URL Firefox reports it as a forgery.
Anonymous
URL redirectors such as tinyurl have email addresses where said redirects can be shut down, and relatively fast. This isn't true for all of them, but a majority of the public ones have this option.
Anonymous

Sign Up for Free or Log In to start participating in the conversation!