Facebook alert: darkroomevents.com message leads to phishing site

By
playthis
February 1, 2010Posted in: Features

Facebook inbox phishing attack

Facebook message

A new Facebook inbox message phishing scheme has  been spread around today, which will lead to a fake Facebook login screen.The phishing inbox message will say Hi, “your name” and a link to darkroomevents.com. If you see this message, immediately tell the person who sent it to you to change their password and run a virus scan.

This is not a result of the popular koobface worm, but a previous phishing attack that got the users password. Please note that this has not been completely confirmed as of yet, but it would seem many users have been attacked at the same time. This may once again be a result of a compromised Facebook application taking over users accounts.

When going to login screens for any site, make sure the correct URL is shown. You will notice below that there are odd numbers in the URL, which represents the page to be a fake.

crud

Fake Facebook login site.

Avoid going to the site altogether if you can, if you have accidentally already gone to that site and tried to sign in, change your password immediately.

Google search engines and most browsers will warn you when clicking the darkroomevents.com link that it is compromised.

From what we can tell, this is a very similiar event that takes place before the Koobface Worm attacks.

Removing the worm

The first wave of the infection starts with mass Facebook messages being sent out. The second attack will then use the Facebook accounts that the first attack successfully stole and then spam on all of their friends walls to go to a particular site and download a virus scanner, which is in fact a virus itself.

From that point on it’s hard to say what the virus will do. It can do anything from steal your credit card information to your private computer data.

If you have put in your information in the phishing site, immediately change your password, delete your computer cookies and be sure that the e-mail addresses you have on file with Facebook have not changed. At times hackers will change your e-mail address so when you request password resets it will go to them as well.

*Note: This may not be connected with the Koobface worm; however, the similarities between how it attacks users is exactly the same and users should be extremely careful.

Tags: , , , , , , ,

About the Author