Geting infected through Facebook -- Part 1

Recently I saw an "interesting" URL link on my Facebook. Knowing the person, and I decided to check it out.

Somehow I decided to visit this URL site from one of my virtual computers that I can easily discard. Once on the site and before I got redirected I was able to see this

Since this didn't help much I wanted to check out the source code.

While this was not very useful (yet), I did notice the redirect URL in the status bar of my browser.
This redirection actually took me to different URL addresses at different times of testing.

Once the site loads, it notifies the user that it requires Adobe Flash Player 10.37. Checking out Adobe site the latest version they are offering is

(joke mode = on) This new version (10.37) must be coming from China ;-). They always have the latest versions ;-) (joke mode = off)

I guess this is a good oppurtunity again to stress how important it is that you get your software from trusted and reliable source and not to blindly trust everyone.

There are few links with comments on this site and all of them lead to the same thing -- setup.exe file.

Setup.exe file in this case in 15 KB in size compared to Adobe Flash Player offered by Adobe which is 15 MB in size.

I decided to go forward with this and download and run the setup.exe and see what happens. I will be writing about this in part 2.


Add comment