Posted by: h4ck@lyst | May 25, 2009

More facebook phishing sites. whiteflash.be goldbase.be .be

UPDATE:1900 Hrs IST, May 26, 2009: More phishing sites come up. This time to the likes of

www vingers(enter dot)ru

After the latest phishing scams on facebook involving the .at domains, the next generation of the same scam seem to be using .be domain names.
The .be domain names that ve come to light so far are but not limited to

  • whiteflash.be
  • goldbase.be
  • sweeter.be
  • bestspace.be

These domains are all operating out of the same ip at 211.95.78.98.
This ip temporarily blocked the sites but the .be sites seem to be up and running again. Facebook is yet to curb these links as of 0130hrs IST, May 25th, 2009.

The latest message format is

Look at this
wwww whiteflash be

Anyway, there is no need to click on any of such .be or erstwhile .at links or put in your facebook username and passwords.
If you accidentally did that, then change you facebook password immediately. If it has already been changed by the rogue malware (there have been reports to this effect), then you can use the lost password link to reset your facebook password

http://www.facebook.com/security

Advertisements

Responses

  1. Just got one of those scams… The IP seems to be China-based, but the whiteflash.be DNS is registered to someone in Russia. This machine seems to host many services, including POP3 & IMAP (and SSL versions), SSH, FTP and MySQL.

  2. Thanks i was confused at my friend who hasnt sent me a message for a while. I just started a new site and so i thought it was relevant. thankf again for the info.
    -Aaron

  3. The goddammm facebook password system….there must be some notification or alert message on their homepage for all of time……

  4. Thanks a lot for this info…

  5. Thanks

  6. thanks

  7. this website has been filtered .please help me to enter this site. thanx

  8. @somayeh: err.. which website?

  9. hey thanks a lot for the information. Stoked loving the updates.

  10. i like to this website. u can help me to enter

  11. Thanks for this explanation – I’m going to post your post on my facebook page as I just received one of the goldbase.be messages the other day. I immediately deleted it, but it appears some of the other recipients did not!
    Thanks again

  12. …I just tried to post a link to this on facebook and it is blocking it! Says it has blocked content…

  13. Damn sneaky – what a crap thing to do!
    I got the link sent to me by my cousin last night, and as I don’t speak to her often I thought her mail was a bit brief.
    Luckily just after I typed in my username I started wondering why a site that has nothing to do with Facebook would need my account details.
    First time I have been exposed to this kind of bulldust – what has the world come to, seriously?

  14. When I tried to put a link to this post on facebook, I received a message that phishing is reported…

  15. @Count Macula, @jjc: Yes, thanks for bringing that to notice. I guess thats coz of the post containing the offensive domain names. FB is trying to prevent any linking to anything containing such addresses but obviously it is not yet smart enough to distinguish between a threat and a report mentioning the threat!

  16. @rivaldo just: You want to use facebook.com? Is it like you are at your workplace where facebook access is denied?

  17. I have reported whiteflash.be to Facebook on
    March 24, seems it is down today.


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Categories

%d bloggers like this: