Today I received a strange email from a friend on Facebook. She is not the type to send random spammy emails, so when I got this I was a little suspicious.
Knowing a little about how this virus was going around, I felt pretty sure that I could track it down without getting infected. So I decided to follow the link in the email – which, by the way, she sent to all of her facebook.com friends. (Let's hope they did not get the virus.)
Once I clicked the link, I was redirected from a GeoCities link http://geocities.com/kellyconway02/index.htm…. to a site that calls itself YuoTube – Broadcast Yourself. Notice this is Yuo, not YouTube… Clever. It also has a reference to Teresa in the header and her picture in the profile to convince an unsuspecting viewer that this is a legit message.
And the profile picture matches the Facebook profile picture.
To make the page look even more believable, they have also included a user review section.
The culmination of the deception is possible because the video window looks like you are missing a plugin in order to watch. They report that you need a new version of Adobe Flash and then the download auto-starts.
This is the popup with the URL and port number for the setup.exe download that is a virus.
I then traced this IP down to the “Korean Education Network” and filed an abuse complaint. Who knows how many people will get hit before they respond.
Suggestions on how to get these guys shut down would be appreciated.








