I've just received several more Facebook e-mails that point to URL's hosted on a botnet, and both steal your information, load an iFrame to an exploit, and finally, offer you an "update tool", that is the well known Zbot infection.
Sadly, Outlook 2007 isn't letting my Outlook Export application work properly, so I've had to grab the IP's and such manually (well, via hpObserver ;)).
The URL in the e-mail, points to the following;
LoginFacebook.php, besides stealing your information, loads an exploit via a hidden iFrame, from;
Once you've been exploited, and handed over your information, you're taken to;
Which leads to the Zbot infection at;
The e-mail is of course, in HTML format originally, but the plain text (you do use plain text e-mail, right?) contains;
PLEASE ensure you are checking your machine for signs of infection, and if you need any help, ASK!
Received another one with 2 new URL's in it.
We've got some more folks. Shazza over at Web of Trust's forums, asked if I could provide any info on the IRS botnet, and during my initial analysis, I discovered (and I suspect many others have discovered before me), that the Facebook botnet is also the IRS botnet;
Are you helping the Facebook botnet?