[Warning] Facebook phishing mail + malware

This topic in the forum "Sicherheit & Datenschutz" was created by raid-rush, 20 November 2012.

  1. 20 November 2012
    Last edited: 14 April 2017
    Hello security experts,

    I received the following email, which appears to come from Facebook and passes all filters, on an account that is not registered with Facebook.

    The email looks very authentic, but the attachment is a bit conspicuous... why would FB send a zip along with it?

    I strongly suspect malware/a trojan, hence this warning first of all, because the email looks very "real".


    Here is the zip: Download: Personen_die_du_vielleicht_kennst.zip | www.xup.in

    It contains a pdf.exe of the same name, in case anyone is interested...

    Virustotal:



    SHA256: 2e72c441a3ce5e09ce7b851fc35085334f4f11a671c185d0fda77724be156209
    File name: Personen_die_du_vielleicht_kennst.pdf.exe
    Detection ratio: 8 / 43

    SHA1: ae63187252e0bac5f9d98d8e62a416401daa7339
    MD5: fe3377dd6fa21c7c769ca67322a9f88c
    File size: 41.9 KB ( 42855 bytes )


    Code:
     
    Return-Path: <syllabificationhb9@facebookmail.com>
    Received: from d118-75-178-203.nap.wideopenwest.com ([75.118.203.178])
     
    Received: from outmail007.ash2.facebook.com (HELO mx-out.facebook.com) ([66.220.155.141])
     (envelope-sender <notification+kr4y5n2bysqr@facebookmail.com>)
     by smarthub80.res.a1.net (qmail-ldap-1.03) with SMTP
     
    Return-Path: <notification+kr4y5n2bysqr@facebookmail.com>
    DKIM-Signature: v=1; a=rsa-sha256; d=facebookmail.com; s=s1024-2011-q2; c=relaxed/simple;
     q=dns/txt; i=@facebookmail.com; t=1352271481;
     h=From:Subject:Date:To:MIME-Version:Content-Type;
     
    Received: from [10.171.19.61] ([10.171.19.61:63343])
     by smout020.ash4.facebook.com (envelope-from <notification+757X2MQO28EQ@facebookmail.com>)
     (ecelerity 2.2.2.45 r(34222M)) with ECSTREAM
     id BB/59-15426-9760A905; Tue, 20 Nov 2012 12:46:28 -0500
    X-Facebook: from zuckmail ([MTI3LjAuMC4x]) 
     by async.facebook.com with HTTP (ZuckMail);
    Date: Tue, 20 Nov 2012 12:46:28 -0500
    
    From: "Facebook" <notification+kr4y5n2bysqr@facebookmail.com>
    Reply-to: noreply <noreply@facebookmail.com>
    Subject: Personen, die du vielleicht kennst
    Message-ID: <DN0RRZIVQOIFGFXBPB79OSR86THA0GGA@async.facebook.com>
    X-Priority: 3
    X-Mailer: ZuckMail [version 1.00]
    X-Facebook-Notify: close_friend_activity; mailid=FOO41R65A8LOMJ53CO97ORZV27U44W2D
    X-FACEBOOK-PRIORITY: 0
    MIME-Version: 1.0
    Content-Type: multipart/mixed;
     boundary="----=a__adxdh_63_09_80"
    
    ------=a__adxdh_63_09_80
    Content-Type: multipart/alternative;
     boundary="----=_adxdh_63_09_80"
    
    ------=_adxdh_63_09_80
    Content-Type: text/plain;
     charset="iso-8859-1"
    Content-Transfer-Encoding: quoted-printable
    
     Facebook =
     facebook 
     =
     =
     =
     =
     =
     =
     =
     =
     Personen, die du vielleicht kennst - Mehr =
    Details in der beigefugten Datei =
     
     =
     Fuge die Personen hinzu, die du ken=
    nst, um ihre Fotos und Aktualisierungen zu sehen. =
     
     =
     
     =
     
     =
     
     =
     
     =
     =
     =
     =
     =
     =
     =
     =
     Weiter=
    e Freunde finden =
     
     =
     =
     
     =
     =
     =
     =
     =
     =
     =
     Gehe zu Facebook =
     
     =
     =
     
     =
     
     =
     
     =
     
     
     Fall=
    s du diese E-Mails in Zukunft nicht von Facebook erhalten mochtest, deakt=
    ivieren.Facebook, Inc., Attention: Department 415, PO Box 10005, Palo Alt=
    o, CA 94303 
     
     
    ------=_adxdh_63_09_80
    Content-Type: text/html;
     charset="iso-8859-1"
    Content-Transfer-Encoding: quoted-printable
    
    <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
    <HTML><HEAD>
    <META http-equiv=3DContent-Type content=3D"text/html; charset=3Diso-8859-=
    1">
    <STYLE></STYLE>
    </HEAD>
    <BODY>
    <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional //EN">
    <html>
     =
     <head>
     <title>Facebook</title>
     <meta http-equiv=3D"Content-=
    Type" content=3D"text/html; charset=3Dutf-8" />
     </head>
     <body style=
    =3D"margin: 0; padding: 0;" dir=3D"ltr">
     <table cellspacing=3D"0" c=
    ellpadding=3D"0" id=3D"email_table" style=3D"border-collapse:collapse;wid=
    th:98%;" border=3D"0">
     <tr>
     <td id=3D"email_content"=
     style=3D"font-size:12px;font-family:'lucida grande',tahoma,verdana,arial=
    ,sans-serif;">
     <table cellspacing=3D"0" cellpadding=3D"0" =
    style=3D"border-collapse:collapse;width:620px;">
     <tr>
     =
     <td style=3D"font-size:16px;font-family:'lucida grand=
    e',tahoma,verdana,arial,sans-serif;background:#3b5998;color:#FFFFFF;font-=
    weight:bold;vertical-align:baseline;letter-spacing:-0.03em;text-align:lef=
    t;padding:5px 20px;"><a style=3D"text-decoration: none;" href=3D"http://w=
    ww.facebook.com/n/?find-friends%2Fbrowser%2F&amp;mid=3D70403a6G5af40da051=
    a2G0G114&amp;bcode=3D1.1352271480.Abl29FxQj1w275ZW&amp;n_m=3Dlema7%40a1.net&amp;lloc=3Dlogo"><span style=3D"background:#3b5998;color:#FFFFFF;font-=
    weight:bold;font-family:'lucida grande',tahoma,verdana,arial,sans-serif;v=
    ertical-align:middle; font-size:16px;letter-spacing:-0.03em;text-align:le=
    ft;vertical-align:baseline;">facebook</span></a></td>
     <=
    /tr>
     </table>
     <table cellspacing=3D"0" cell=
    padding=3D"0" style=3D"border-collapse:collapse;width:620px;" border=3D"0=
    " width=3D"620px">
     <tr>
     <td style=
    =3D"font-size:11px;font-family:LucidaGrande,tahoma,verdana,arial,sans-ser=
    if;padding:0px;background-color:#f2f2f2;border-left:none;border-right:non=
    e;border-top:none;border-bottom:none;">
     <table ce=
    llspacing=3D"0" cellpadding=3D"0" width=3D"620px" style=3D"border-collaps=
    e:collapse;">
     <tr>
     =
     <td style=3D"font-size:11px;font-family:LucidaGrande,tahoma,verdana,ar=
    ial,sans-serif;padding:0px;width:620px;">
     =
     <table cellspacing=3D"0" cellpadding=3D"0" border=3D"0" style=3D"border=
    -collapse:collapse;width:100%;">
     <tr>=
    
     <td style=3D"font-size:11px;font-=
    family:LucidaGrande,tahoma,verdana,arial,sans-serif;padding:20px;backgrou=
    nd-color:#fff;border-left:none;border-right:none;border-top:none;border-b=
    ottom:none;">
     <table cellspacin=
    g=3D"0" cellpadding=3D"0" style=3D"border-collapse:collapse;width:100%;">=
    
     <tr>
     =
     <td style=3D"font-size:11px;font-family:LucidaG=
    rande,tahoma,verdana,arial,sans-serif;padding-bottom:10px;">
     =
     <table cellspacing=3D"0" cellpaddi=
    ng=3D"0" style=3D"border-collapse:collapse;width:100%;">
     =
     <tr>
     =
     <td style=3D"font-size:11px;font-family:Lucida=
    Grande,tahoma,verdana,arial,sans-serif;padding-bottom:5px;"><span style=
    =3D"color:#111111;font-size:14px;font-weight:bold;">
     =
     Personen, die du vielleicht kenns=
    t - Mehr Details in der beigefugten Datei</span>
     =
     </td>
     =
     </tr>
     =
     <tr>
     <td =
    style=3D"font-size:11px;font-family:LucidaGrande,tahoma,verdana,arial,san=
    s-serif;padding-top:5px;"><span style=3D"font-size:13px;">Fuge die Person=
    en hinzu, die du kennst, um ihre Fotos und Aktualisierungen zu sehen.</sp=
    an></td>
     </tr>
     =
     </table>
     =
     </td>
     =
     </tr>
     <tr>
     =
     <td style=3D"font-size:11px;font-=
    family:LucidaGrande,tahoma,verdana,arial,sans-serif;padding-top:10px;bord=
    er-top:1px solid #e8e8e8;"></td>
     =
     </tr>
     </table>
     =
     </td>
     </t=
    r>
     </table>
     =
     </td>
     </tr>
     <tr>
    =
     <td style=3D"font-size:11px;font-family:Luc=
    idaGrande,tahoma,verdana,arial,sans-serif;padding:0px;width:620px;">
     =
     <table cellspacing=3D"0" cellpadding=3D"0" s=
    tyle=3D"border-collapse:collapse;width:100%;" border=3D"0">
     =
     <tr>
     <td st=
    yle=3D"font-size:11px;font-family:LucidaGrande,tahoma,verdana,arial,sans-=
    serif;padding:7px 20px;background-color:#f2f2f2;border-left:none;border-r=
    ight:none;border-top:1px solid #ccc;border-bottom:1px solid #ccc;">
     =
     <table cellspacing=3D"0" cellpadding=
    =3D"0" style=3D"">
     <tr>
     =
     <td style=3D"font-size:11px;f=
    ont-family:LucidaGrande,tahoma,verdana,arial,sans-serif;padding-left:100p=
    x;">
     <table cellspacin=
    g=3D"0" cellpadding=3D"0" style=3D"border-collapse:collapse;">
     =
     <tr>
     =
     <td style=3D"border-width: 1px;border-st=
    yle: solid;border-color: #29447E #29447E #1a356e;background-color: #5b74a=
    8;">
     <table c=
    ellspacing=3D"0" cellpadding=3D"0" style=3D"border-collapse:collapse;">
     =
     <tr>
     =
     <td style=3D"=
    font-size:11px;font-family:LucidaGrande,tahoma,verdana,arial,sans-serif;p=
    adding:2px 6px 4px;border-top:1px solid #8a9cc2;"><a href=3D"http://www.f=
    acebook.com/n/?find-friends%2Fbrowser%2F&amp;mid=3D70403a6G5af40da051a2G0=
    G114&amp;bcode=3D1.1352271480.Abl29FxQj1w275ZW&amp;n_m=3Dlema7%40a1.net&a=
    mp;lloc=3Dcta" style=3D"color:#3b5998;text-decoration:none;"><span style=
    =3D"font-weight:bold;white-space:nowrap;color: #fff;font-size: 13px;">Wei=
    tere Freunde finden</span></a></td>
     =
     </tr>
     =
     </table>
     =
     </td>
     <=
    /tr>
     </table>
     =
     </td>
     =
     <td style=3D"font-size:11px;font-family:LucidaGrande=
    ,tahoma,verdana,arial,sans-serif;padding:0px 5px;"></td>
     =
     <td style=3D"font-size:11px;font-family:L=
    ucidaGrande,tahoma,verdana,arial,sans-serif;padding:7px 0px 6px;">
     =
     <table cellspacing=3D"0" cel=
    lpadding=3D"0" style=3D"border-collapse:collapse;">
     =
     <tr>
     =
     <td style=3D"border-width: 1px;border-style: solid;=
    border-color: #999 #999 #888;background-color: #eee;">
     =
     <table cellspacing=3D"0" cellpa=
    dding=3D"0" style=3D"border-collapse:collapse;">
     =
     <tr>
     =
     <td style=3D"font-size:11px;font-fam=
    ily:LucidaGrande,tahoma,verdana,arial,sans-serif;padding:2px 6px 4px;bord=
    er-top:1px solid #fff;"><a href=3D"http://www.facebook.com/n/?home.php&am=
    p;mid=3D70403a6G5af40da051a2G0G114&amp;bcode=3D1.1352271480.Abl29FxQj1w27=
    5ZW&amp;n_m=3Dlema7%40a1.net&amp;lloc=3D2nd_cta" style=3D"color:#3b5998;t=
    ext-decoration:none;"><span style=3D"font-weight:bold;white-space:nowrap;=
    color: #333;font-size: 13px;">Gehe zu Facebook</span></a></td>
     =
     </tr>
     =
     </table>
     =
     </td>
     =
     </tr>
     =
     </table>
     </td>
    =
     </tr>
     =
     </table>
     </td>=
    
     </tr>
     =
     </table>
     </td>
     =
     </tr>
     </table>
     </td>
     =
     </tr>
     </table>
     <table cellspac=
    ing=3D"0" cellpadding=3D"0" border=3D"0" style=3D"border-collapse:collaps=
    e;width:620px;">
     <tr>
     <td style=3D=
    "font-size:11px;font-family:'lucida grande', tahoma, verdana, arial, sans=
    -serif;padding:30px 20px;background-color:#fff;border-left:none;border-ri=
    ght:none;border-top:none;border-bottom:none;color:#999999;border:none;">F=
    alls du diese E-Mails in Zukunft nicht von Facebook erhalten mochtest, <a=
     href=3D"http://www.facebook.com/o.php?k=3DAS2ZCkTJPItI2EtB&amp;u=3D10000=
    4247130530&amp;mid=3D70403a6G5af40da051a2G0G114" style=3D"color:#3b5998;t=
    ext-decoration:none;">deaktivieren</a>.<br />Facebook, Inc., Attention: D=
    epartment 415, PO Box 10005, Palo Alto, CA 94303</td>
     <=
    /tr>
     </table>
     <span style=3D"width:620px;">=
    <img src=3D"http://www.facebook.com/email_open_log_pic.php" style=3D"bord=
    er:0;width:1px;height:1px;" /></span>
     </td>
     </tr>
     =
     </table>
     </body>
    </html>
    </BODY></HTML>
    
    ------=_adxdh_63_09_80--
    
    ------=a__adxdh_63_09_80
    Content-Type: application/zip; name="Personen_die_du_vielleicht_kennst.zip"
    Content-Transfer-Encoding: base64
    Content-ID: <000301cdc71d$0ed065d0$6901a8c0@VFBW6I>
    
    
    
    ------=a__adxdh_63_09_80--
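
    What the poster did by hand (unpack, notice the double extension, hash the file, look the hash up on VirusTotal) as a script. This is an added example, not the poster's code: it builds a harmless stand-in archive in memory with the same member name (the real sample is not included) and only reads names, magic bytes and hashes; it never writes the content to disk or executes it. The known-bad set holds the SHA-256 from the VirusTotal entry above, so a real copy of the archive would be recognised; the extension lists are my own assumptions.

```python
import hashlib
import io
import os
import zipfile

# SHA-256 reported on VirusTotal in the post above. The fake member built below
# does not match it, which is the expected result for a stand-in.
KNOWN_BAD_SHA256 = {"2e72c441a3ce5e09ce7b851fc35085334f4f11a671c185d0fda77724be156209"}

# Assumed lists: extensions Windows executes on double-click, and "document"
# extensions an attacker hides an executable behind (the user sees ".pdf" when
# known extensions are hidden in Explorer).
EXEC_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs", ".jar", ".msi", ".lnk"}
DOC_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt", ".jpg", ".png"}


def build_sample_zip():
    """Constructed stand-in for the mailed archive: same member name, harmless bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        # Starts with the PE "MZ" magic so the content check fires; it is not a real PE.
        zf.writestr("Personen_die_du_vielleicht_kennst.pdf.exe", b"MZ" + b"\x00" * 126)
        zf.writestr("notes.txt", b"plain text, nothing to see\n")
    return buf.getvalue()


def triage_member(name, content):
    """Classify one archive member by name and content; returns a finding dict."""
    lower = name.lower()
    stem, ext = os.path.splitext(lower)
    _, inner_ext = os.path.splitext(stem)
    reasons = []
    if ext in EXEC_EXTS:
        reasons.append("executable extension %s" % ext)
        if inner_ext in DOC_EXTS:
            reasons.append("double extension: looks like %s when extensions are hidden" % inner_ext)
    if content[:2] == b"MZ":
        reasons.append("PE header (MZ) regardless of the name")
    sha256 = hashlib.sha256(content).hexdigest()
    if sha256 in KNOWN_BAD_SHA256:
        reasons.append("matches known-bad SHA-256")
    return {"name": name, "size": len(content), "sha256": sha256,
            "md5": hashlib.md5(content).hexdigest(),
            "reasons": reasons, "suspicious": bool(reasons)}


def triage_zip(data):
    """Walk every file in a zip held in memory; nothing is written to disk or run."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return [triage_member(i.filename, zf.read(i)) for i in zf.infolist() if not i.is_dir()]


if __name__ == "__main__":
    for f in triage_zip(build_sample_zip()):
        flag = "SUSPICIOUS" if f["suspicious"] else "ok"
        print("%-45s %-10s sha256=%s" % (f["name"], flag, f["sha256"]))
        for r in f["reasons"]:
            print("    - " + r)
```

The hashes are what you look up on VirusTotal; computing them locally means you can check whether a sample is already known without uploading it.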
    
    
     
  2. 20 November 2012
    RE: [Warning] Facebook phishing mail + malware

    Do you have the mail header? Which mail server did the mail come from?
     
  3. 21 November 2012
    Last edited: 21 November 2012
    RE: [Warning] Facebook phishing mail + malware

    The header was quoted, but it is damn well faked. The sending server looks completely like Facebook.
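
    The header dump in the first post and the remark above that the sending server "looks completely like Facebook" both turn on one rule: reading the Received chain from the top, only the first hop was recorded by a machine the recipient's provider controls; every Received, Return-Path and DKIM-Signature below it arrived inside the message and is the sender's claim. The script below is an added example (not from the thread) that applies that rule to the headers quoted above, transcribed with the poster's truncations kept. The brand token "facebook" and the "last two labels" domain comparison are simplifying assumptions.

```python
import re
from ipaddress import ip_address

# Constructed test input: the headers quoted in the post, BBCode removed, with the
# poster's truncations kept (the first Received line has no "by" clause and the
# DKIM-Signature carries no b= tag).
SAMPLE_HEADERS = """\
Return-Path: <syllabificationhb9@facebookmail.com>
Received: from d118-75-178-203.nap.wideopenwest.com ([75.118.203.178])
Received: from outmail007.ash2.facebook.com (HELO mx-out.facebook.com) ([66.220.155.141])
 (envelope-sender <notification+kr4y5n2bysqr@facebookmail.com>)
 by smarthub80.res.a1.net (qmail-ldap-1.03) with SMTP
Return-Path: <notification+kr4y5n2bysqr@facebookmail.com>
DKIM-Signature: v=1; a=rsa-sha256; d=facebookmail.com; s=s1024-2011-q2; c=relaxed/simple;
 q=dns/txt; i=@facebookmail.com; t=1352271481;
 h=From:Subject:Date:To:MIME-Version:Content-Type;
Received: from [10.171.19.61] ([10.171.19.61:63343])
 by smout020.ash4.facebook.com (envelope-from <notification+757X2MQO28EQ@facebookmail.com>)
 (ecelerity 2.2.2.45 r(34222M)) with ECSTREAM
 id BB/59-15426-9760A905; Tue, 20 Nov 2012 12:46:28 -0500
From: "Facebook" <notification+kr4y5n2bysqr@facebookmail.com>
Subject: Personen, die du vielleicht kennst
"""

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})")
FROM_RE = re.compile(r"^from\s+(\S+)", re.I)
BY_RE = re.compile(r"\bby\s+(\S+)", re.I)
HELO_RE = re.compile(r"\(HELO\s+(\S+)\)", re.I)
ADDR_RE = re.compile(r"<([^>]+)>")


def unfold(raw):
    """Return [(name, value)] in wire order, joining folded continuation lines."""
    headers = []
    for line in raw.splitlines():
        if not line.strip():
            continue
        if line[0] in " \t" and headers:
            name, value = headers[-1]
            headers[-1] = (name, value + " " + line.strip())
        else:
            name, _, value = line.partition(":")
            headers.append((name.strip(), value.strip()))
    return headers


def parse_received(value):
    """Extract from/HELO/IP/by/envelope from one Received value; absent parts are None."""
    def grab(rx):
        m = rx.search(value)
        return m.group(1) if m else None
    frm = grab(FROM_RE)
    return {"from": frm.strip("[]") if frm else None, "helo": grab(HELO_RE),
            "ip": grab(IP_RE), "by": grab(BY_RE), "envelope": grab(ADDR_RE)}


def address(value):
    """Address inside <...>, or the bare value if there are no angle brackets."""
    m = ADDR_RE.search(value)
    return (m.group(1) if m else value).strip().lower()


def registrable(host):
    """Crude owner domain (last two labels); no public-suffix list, an assumption."""
    return ".".join(host.rstrip(".").lower().split(".")[-2:])


def analyse(raw, brand="facebook"):
    """Walk the Received chain top-down; return the hops plus (code, detail) findings."""
    headers = unfold(raw)
    hops = [parse_received(v) for n, v in headers if n.lower() == "received"]
    from_domain = address(next(v for n, v in headers if n.lower() == "from")).split("@")[-1]
    return_paths = [address(v) for n, v in headers if n.lower() == "return-path"]
    dkim = next((v for n, v in headers if n.lower() == "dkim-signature"), None)
    findings = []

    # 1. Only the topmost Received was written by the receiving side; everything below
    #    it came in with the message and is whatever the sender chose to put there.
    first = hops[0]
    first_from = first["from"] or ""
    if registrable(first_from) != registrable(from_domain):
        findings.append(("FIRST_HOP_FOREIGN",
                         "%s [%s] delivered mail claiming From: @%s" % (first_from, first["ip"], from_domain)))

    # 2. Brand-named hops sitting below a foreign hop were never observed by the receiver.
    foreign_first = brand not in first_from.lower()
    for hop in hops[1:]:
        names = [h for h in (hop["from"], hop["helo"], hop["by"]) if h]
        if foreign_first and any(brand in h.lower() for h in names):
            findings.append(("BRAND_HOP_BELOW_FOREIGN", " / ".join(names)))
        if hop["ip"] and ip_address(hop["ip"]).is_private:
            findings.append(("PRIVATE_IP_HOP", hop["ip"]))  # internal hop, unverifiable from outside

    # 3. Two different envelope senders: the top Return-Path is what the receiver saw
    #    on the wire, the lower one was carried inside the message.
    if len(set(return_paths)) > 1:
        findings.append(("RETURN_PATH_MISMATCH", " vs ".join(return_paths)))

    # 4. A DKIM-Signature proves nothing until verified, which needs the b= value and a
    #    DNS lookup of <s>._domainkey.<d>. Here the signature value is not even present.
    if dkim is not None and not re.search(r"(?:^|;)\s*b=", dkim):
        findings.append(("DKIM_UNVERIFIABLE", "no b= tag in DKIM-Signature"))

    return {"hops": hops, "from_domain": from_domain, "findings": findings}


if __name__ == "__main__":
    result = analyse(SAMPLE_HEADERS)
    for i, hop in enumerate(result["hops"]):
        print("hop %d: from=%s helo=%s ip=%s by=%s" % (i, hop["from"], hop["helo"], hop["ip"], hop["by"]))
    for code, detail in result["findings"]:
        print("%-24s %s" % (code, detail))
```

On a complete message you would additionally read the Authentication-Results header the receiving MTA adds (SPF, DKIM and DMARC verdicts); a DKIM-Signature header that the receiver never validated carries no weight, however genuine its d= value looks.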
     
  4. 21 November 2012
    RE: [Warning] Facebook phishing mail + malware


    Yeah, it was edited in after I asked.


    Hm, well, maybe someone like N0S or Alex² can take the file apart..
     