"helloIt was followed by the following link:, howdy?? lisen i got a new friend here..sh ex kinda new here..maybe you can give her a lil tym so she can enjoy here?? not forcin u but u can chk out =)
http://www.facebook.comIt looks pretty legit at first glace, but if you take a close look you will notice that the domain is actially for dortos.net..profile.id.aymacc.2810ly6l .dortos.net/facebook/index.php ?id=5aaz6677&auth=j5xp2&cyua =hwy9e1l821
Whois information from whois.net
Now the thing that I found wierd was that when I logged into my profile on facebook I still got a notification about the wall post, but there was no post on my wall.
I cautiously opened the link to the fake profile and Firefox 3 Beta blocked it. (See screenshot)
I then decided to open the page up in IE8 and guess what. It looks identical to the facebook login screen. Except that it aint. (screenshot below)
This is a typical phishing attempt. I imagine that my buddy who sent the origional wall post recieved the same thing and his account was compromised. My personal information was then obtained through his profile and a wallpost was placed on my wall.
I am not sure exactly what is going on, but I recon there will be some information once the security researches around the world get a similar "phantom wall post".
I guess this is another reason to upgrade to Firefox 3 :P
No comments:
Post a Comment