Zscaler Data Protection Recognized as a 2023 Product of the Year by CRN

Zscaler Blog

Get the latest Zscaler blog updates in your inbox

Security Research

Facebook Malware Campaign

January 03, 2013 - 1 min read
We're seeing a massive campaign of malware distribution through Facebook look-a-like pages that started just before the new year.
Malicious page distributing malware
These pages are using the free DNS and hosting provider .tk. This provider has been used for many spam and malware campaigns in the past. Here are some of the domains used:
  • janejcfprofile.tk
  • natalieclolyu.tk
  • rosemaryrloveyouur.tk
  • sabrinadjoyys.tk
  • catherineufcitisfun.tk
  • rosemaryiiqsuper.tk
  • laurenaensweety.tk
  • carlyqwowdv.tk
So far, we've seen several hundred of such sites. They prompt the user to download a file with various names, such as:
  • YouWhoreGIF.exe
  • YouNiceJPG.exe
  • IamNiceBMP.exe
  • IamNicePNG.exe
  • YouFunnyJPEG.exe
  • IamLolBMP.exe
  • and may more

Only 1 AV vendor detects them as malicious at this time!

Looking at the source code, all the .tk domains load their content from another website through an IFRAME, with content from:
  • liwwh.eqeki.com
  • ngdy.hrdhm.org
  • lsmxz.totyn.net
  • cnpz.nukoq.com
  • ...
These pages then redirect to a third URL on, hosting the malicious executable:
The malicious file is generated by

As usual, do not run files downloaded on random Internet pages.
form submtited
Thank you for reading

Was this post useful?

Explore more Zscaler blogs

A cyber criminal shopping for malware
Agniane Stealer: Dark Web’s Crypto Threat
Read Post
Business people walking through a city
The Impact of the SEC’s New Cybersecurity Policies
Read Post
Digital cloud illuminated in blue
Security Advisory: Remote Code Execution Vulnerability (CVE-2023-3519)
Read Post
The TOITOIN Trojan: Analyzing a New Multi-Stage Attack Targeting LATAM Region
Read Post
01 / 02
dots pattern

Get the latest Zscaler blog updates in your inbox

By submitting the form, you are agreeing to our privacy policy.