{
	"id": "a662dc81-3f03-4ccc-a56e-5b12f115e2ba",
	"created_at": "2026-04-06T00:08:47.488435Z",
	"updated_at": "2026-04-10T03:20:30.80908Z",
	"deleted_at": null,
	"sha1_hash": "9e1ee60ee1fae0f81bd701a198949acadda20ff8",
	"title": "New phishing campaign against Facebook led by Zeus",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 118968,
	"plain_text": "New phishing campaign against Facebook led by Zeus\r\nArchived: 2026-04-05 14:20:08 UTC\r\nMalwareIntelligence is a site dedicated to research on all matters relating to anti-malware security,\r\ncriminology computing and information security in general, always from a perspective closely related to the\r\nfield of intelligence.\r\nNew phishing campaign against Facebook led by Zeus\r\nUpdated 15.03.2010\r\nNew domains have been released and has multi-stage attack whereby you chain multiple websites with malicious\r\ncontent.\r\nThe last download a binary called\r\nupdate.exe (19d9cc4d9d512e60f61746ef4c741f09) which is a variant of the trojan ZeuS, which has a high\r\ndetection rate.\r\nThe sequence is as follows:\r\nOriginal 14.03.2010\r\nAt this point the \"circus\", no doubt, as I always say, that ZeuS is the \"creme de la creme\" current on crimeware.\r\nhttp://malwareint.blogspot.com/2010/03/new-phishing-campaign-against-facebook.html\r\nPage 1 of 4\n\nSome time ago we warned about different campaigns where the employer, in all cases without exception, is the\r\nexploitation of social engineering to execute a fraudulent component, and the goal is the theft of sensitive\r\ninformation.\r\nCases like the previous campaign by using the image of ZeuS Facebook and phishing attacks using popular\r\nservices such as primary coverage, including IRS, VISA, Google and Blogger, among many others, are concrete\r\nexamples that demonstrate what is the magnitude of the business ZeuS offers computer criminals.\r\nA few days ago, a new campaign to materialize from the hand of ZeuS, involving a large battery of malicious\r\ndomains. Among them:\r\ndownloads.legomay.com/id735rp/LoginFacebook.php\r\ndownloads.legomay.net/id735rp/LoginFacebook.php\r\ndownloads.legomay.org/id735rp/LoginFacebook.php\r\ndownloads.megavids.org/id735rp/LoginFacebook.php\r\ndownloads.migpix.com/id735rp/LoginFacebook.php\r\ndownloads.migpix.net/id735rp/LoginFacebook.php\r\ndownloads.migpix.org/id735rp/LoginFacebook.php\r\ndownloads.modavedis.com/id735rp/LoginFacebook.php\r\ndownloads.modavedis.net/id735rp/LoginFacebook.php\r\ndownloads.modavedis.org/id735rp/LoginFacebook.php\r\ndownloads.portodrive.org/id735rp/LoginFacebook.php\r\ndownloads.reggiepix.com/id735rp/LoginFacebook.php\r\ndownloads.reggiepix.net/id735rp/LoginFacebook.php\r\ndownloads.reggiepix.org/id735rp/LoginFacebook.php\r\ndownloads.regzapix.com/id735rp/LoginFacebook.php\r\ndownloads.regzapix.net/id735rp/LoginFacebook.php\r\ndownloads.regzapix.org/id735rp/LoginFacebook.php\r\ndownloads.regzavids.com/id735rp/LoginFacebook.php\r\ndownloads.regzavids.net/id735rp/LoginFacebook.php\r\ndownloads.regzavids.org/id735rp/LoginFacebook.php\r\ndownloads.restopix.org/id735rp/LoginFacebook.php\r\ndownloads.restpictures.com/id735rp/LoginFacebook.php\r\ndownloads.restpictures.net/id735rp/LoginFacebook.php\r\ndownloads.restpictures.org/id735rp/LoginFacebook.php\r\ndownloads.restway.net/id735rp/LoginFacebook.php\r\ndownloads.restway.org/id735rp/LoginFacebook.php\r\ndownloads.tastyfiles.net/id735rp/LoginFacebook.php\r\ndownloads.vedivids.com/id735rp/LoginFacebook.php\r\ndownloads.vedivids.net/id735rp/LoginFacebook.php\r\ndownloads.vedivids.org/id735rp/LoginFacebook.php\r\ndownloads.vediway.com/id735rp/LoginFacebook.php\r\nhttp://malwareint.blogspot.com/2010/03/new-phishing-campaign-against-facebook.html\r\nPage 2 of 4\n\ndownloads.vediway.net/id735rp/LoginFacebook.php\r\ndownloads.vediway.org/id735rp/LoginFacebook.php\r\nauth.facebook.com.legomay.com/id735rp/LoginFacebook.php\r\nauth.facebook.com.legomay.net/id735rp/LoginFacebook.php\r\nauth.facebook.com.legomay.org/id735rp/LoginFacebook.php\r\nauth.facebook.com.megavids.org/id735rp/LoginFacebook.php\r\nauth.facebook.com.migpix.com/id735rp/LoginFacebook.php\r\nauth.facebook.com.migpix.net/id735rp/LoginFacebook.php\r\nauth.facebook.com.migpix.org/id735rp/LoginFacebook.php\r\nauth.facebook.com.modavedis.com/id735rp/LoginFacebook.php\r\nauth.facebook.com.modavedis.net/id735rp/LoginFacebook.php\r\nauth.facebook.com.modavedis.org/id735rp/LoginFacebook.php\r\nauth.facebook.com.portodrive.org/id735rp/LoginFacebook.php\r\nauth.facebook.com.reggiepix.com/id735rp/LoginFacebook.php\r\nauth.facebook.com.reggiepix.net/id735rp/LoginFacebook.php\r\nauth.facebook.com.reggiepix.org/id735rp/LoginFacebook.php\r\nauth.facebook.com.regzapix.com/id735rp/LoginFacebook.php\r\nauth.facebook.com.regzapix.net/id735rp/LoginFacebook.php\r\nauth.facebook.com.regzapix.org/id735rp/LoginFacebook.php\r\nauth.facebook.com.regzavids.com/id735rp/LoginFacebook.php\r\nauth.facebook.com.regzavids.net/id735rp/LoginFacebook.php\r\nauth.facebook.com.regzavids.org/id735rp/LoginFacebook.php\r\nauth.facebook.com.restopix.org/id735rp/LoginFacebook.php\r\nauth.facebook.com.restpictures.com/id735rp/LoginFacebook.php\r\nauth.facebook.com.restpictures.net/id735rp/LoginFacebook.php\r\nauth.facebook.com.restpictures.org/id735rp/LoginFacebook.php\r\nauth.facebook.com.restway.net/id735rp/LoginFacebook.php\r\nauth.facebook.com.restway.org/id735rp/LoginFacebook.php\r\nauth.facebook.com.tastyfiles.net/id735rp/LoginFacebook.php\r\nauth.facebook.com.vedivids.com/id735rp/LoginFacebook.php\r\nauth.facebook.com.vedivids.net/id735rp/LoginFacebook.php\r\nauth.facebook.com.vedivids.org/id735rp/LoginFacebook.php\r\nauth.facebook.com.vediway.com/id735rp/LoginFacebook.php\r\nauth.facebook.com.vediway.net/id735rp/LoginFacebook.php\r\nauth.facebook.com.vediway.org/id735rp/LoginFacebook.php\r\nEven in the same URL format strategy is being used by another known crimeware: Phoenix Exploit Pack.\r\nhttp://malwareint.blogspot.com/2010/03/new-phishing-campaign-against-facebook.html\r\nPage 3 of 4\n\nRelated information\r\nZeus and the theft of sensitive information\r\nFacebook \u0026 VISA phishing campaign proposed by ZeuS\r\nNew ZeuS phishing campaign against Google and Blogger\r\nZeuS on IRS Scam remains actively exploited\r\nLeveraging ZeuS to send spam through social networks\r\nZeuS Botnet y su poder de reclutamiento zombi\r\nZeuS, spam y certificados SSL\r\nEficacia de los antivirus frente a ZeuS\r\nSpecial!!! ZeuS Botnet for Dummies\r\nBotnet. Securización en la nueva versión de ZeuS\r\nFusión. Un concepto adoptado por el crimeware actual\r\nZeuS Carding World Template. (...) la cara de la botnet\r\nFinancial institutions targeted by the botnet Zeus. Part two\r\nFinancial institutions targeted by the botnet Zeus. Part one\r\nLuckySploit, the right hand of ZeuS\r\nBotnet Zeus. Mass propagation of his Trojan. Part two\r\nBotnet Zeus. Mass propagation of his Trojan. Part one\r\nJorge Mieres\r\nSource: http://malwareint.blogspot.com/2010/03/new-phishing-campaign-against-facebook.html\r\nhttp://malwareint.blogspot.com/2010/03/new-phishing-campaign-against-facebook.html\r\nPage 4 of 4",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA",
		"Malpedia"
	],
	"references": [
		"http://malwareint.blogspot.com/2010/03/new-phishing-campaign-against-facebook.html"
	],
	"report_names": [
		"new-phishing-campaign-against-facebook.html"
	],
	"threat_actors": [],
	"ts_created_at": 1775434127,
	"ts_updated_at": 1775791230,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/9e1ee60ee1fae0f81bd701a198949acadda20ff8.pdf",
		"text": "https://archive.orkl.eu/9e1ee60ee1fae0f81bd701a198949acadda20ff8.txt",
		"img": "https://archive.orkl.eu/9e1ee60ee1fae0f81bd701a198949acadda20ff8.jpg"
	}
}