Koobface 0x3e8 Folders and setup.exe Links

Koobface continues to tweet its assault on the twittersphere and social networking sites. Here is an abbreviated list of the higher-volume Koobface URLs that the ThreatFire community has been protected from over the past 48 hours. See a pattern here? (DO NOT VISIT ANY OF THESE LINKS AND DOWNLOAD THE MALWARE SERVED THERE.)

/0x3e8/setup.exe /0x3e8/setup.exe /0x3e8/setup.exe /0x3e8/setup.exe /0x3e8/setup.exe /0x3e8/setup.exe /0x3e8/setup.exe /0x3e8/setup.exe /0x3e8/setup.exe /0x3e8/setup.exe /0x3e8/setup.exe /1/PP.11.EXE /0x3e8/setup.exe /0x3e8/setup.exe /0x3e8/setup.exe /0x3e8/setup.exe /0x3e8/setup.exe /SETUP.EXE /0x3e8/setup.exe /0x3e8/setup.exe /0x3e8/setup.exe /SETUP.EXE /0x3e8/setup.exe /0x3e8/setup.exe /0x3e8/setup.exe /0x3e8/setup.exe /0x3e8/setup.exe /0x3e8/setup.exe /0x3e8/setup.exe /0x3e8/setup.exe /0x3e8/setup.exe /0x3e8/setup.exe /0x3e8/setup.exe /0x3e8/setup.exe /1/FB.58.EXE /0x3e8/setup.exe /0x3e8/setup.exe /0x3e8/setup.exe /0x3e8/setup.exe /0x3e8/setup.exe /0x3e8/setup.exe /0x3e8/setup.exe

Obviously, this is a fairly well-automated scheme. The site locations are scattered throughout the globe. All the sites that we have visited serve up the same rather uninspired video presentation with a familiar and phony “Flash Player upgrade required” page. That page serves malicious Koobface binaries from a most likely fictitious Bruno Carlot and his video about Hong Kong.

As always, exercise a high level of caution when reading tweets with links, and add a behavioral layer of protection to your system.
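The path shapes in the list above lend themselves to a simple proxy-log check. The following Python is an added example, not code from ThreatFire or the original post; the log layout, the host names and the choice to accept any hex-named directory rather than only 0x3e8 are assumptions made for illustration.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, unquote

# Path shapes taken from the list in the post. Accepting any hex directory
# name (not only 0x3e8) is an assumption made for this example.
PATTERNS = [
    ("hex-dir-setup", re.compile(r"^/0x[0-9a-f]+/setup\.exe$", re.I)),
    ("root-setup", re.compile(r"^/setup\.exe$", re.I)),  # weak signal alone
    ("numbered-drop", re.compile(r"^/\d+/[a-z]{2}\.\d+\.exe$", re.I)),
]

# Constructed sample lines: timestamp, client, method, URL, status.
SAMPLE_LOG = """\
2009-01-01T10:00:01 10.0.0.5 GET http://video.example.test/0x3e8/setup.exe 200
2009-01-01T10:00:07 10.0.0.9 GET http://clips.example.test/SETUP.EXE 200
2009-01-01T10:00:09 10.0.0.5 GET http://clips.example.test/1/FB.58.EXE 200
2009-01-01T10:00:12 10.0.0.7 GET http://vendor.example.test/downloads/setup.exe 200
2009-01-01T10:00:15 10.0.0.7 GET http://cdn.example.test/0x3E8/setup%2Eexe?r=1 200
""".splitlines()


def classify(url):
    """Return the name of the first matching path shape, or None."""
    # Decode percent-escapes so /setup%2Eexe is compared as /setup.exe.
    path = unquote(urlsplit(url).path)
    for name, rx in PATTERNS:
        if rx.match(path):
            return name
    return None


def scan(lines):
    """Return (client, host, label) for each request whose path matches."""
    hits = []
    for line in lines:
        fields = line.split()
        if len(fields) < 5:
            continue  # skip malformed lines
        client, url = fields[1], fields[3]
        label = classify(url)
        if label:
            hits.append((client, urlsplit(url).hostname, label))
    return hits


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(*hit)
    print(Counter(label for _, _, label in scan(SAMPLE_LOG)))
```

The `/downloads/setup.exe` request is deliberately not flagged: only the directory layouts seen in the list match, which keeps ordinary installer downloads out of the results.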
