Simmons Consulting, the Website of Toby Simmons

Archive for February, 2010

Facebook ads malware

22
Feb

Not sure what is going on with Facebook but I logged on this evening and within two clicks, received a scareware/malware-type popup message. It said something about “Hey your computer is infected, Do you want to scan it now?” This was a Javascript popup message with an “OK” and “Cancel” button. I clicked “Cancel” and immediately the browser window was covered up with a fake Windows dialog box showing a progress bar and a flashing “Scanning!” prompt. I closed the browser immediately and noticed the URL of the malicious page. It was from (DO NOT LOAD THIS WEBSITE)

http:// 217.23.5.205/ index.html

The IP address appears to be owned by an outfit in the Netherlands.

This page had some simple attempts at Javascript obfuscation but essentially it covered up the browser window with a <div> that looked like an Explorer window with infected files. Bear this in mind while browsing.