Simmons Consulting, the Website of Toby Simmons

Facebook ads malware

22
Feb

Not sure what is going on with Facebook but I logged on this evening and within two clicks, received a scareware/malware-type popup message. It said something about “Hey your computer is infected, Do you want to scan it now?” This was a Javascript popup message with an “OK” and “Cancel” button. I clicked “Cancel” and immediately the browser window was covered up with a fake Windows dialog box showing a progress bar and a flashing “Scanning!” prompt. I closed the browser immediately and noticed the URL of the malicious page. It was from (DO NOT LOAD THIS WEBSITE)

http:// 217.23.5.205/ index.html

The IP address appears to be owned by an outfit in the Netherlands.

This page had some simple attempts at Javascript obfuscation but essentially it covered up the browser window with a <div> that looked like an Explorer window with infected files. Bear this in mind while browsing.

Leave a Reply

XHTML: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>