IT Security Blog

21 May 2009

New Facebook Phishing Scam in the Wild


Be on the lookout this morning for a phishing scam floating around Facebook asking you to visit http://areps.at, a domain registered only a few days ago to someone named Andrey Morov out of Russia. (UPDATE 5/21/2009 11:30am MST - According to this CNet article, the domain bests.at is also being used for this scam, registered to the same person as areps.at.)

personname:     Andrey Morov
organization:
street address: Schelkovskiy proezd d.11 korp.1 kv.3
postal code: 105425
city: Moscow
country: Russland
phone: +74956211281
fax-no: +74956211281
e-mail: ******@nameclub.at
nic-hdl: AM5009456-NICAT
changed: 20090515 15:23:43
source: AT-DOM
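
What makes the link suspicious here is how recently the record above was created. As an added example (not part of the original post), this Python code parses fields from that record and flags links in a message whose domain record is younger than a threshold. Treating `changed` as the registration date follows the post's reading; the function names, the 30-day threshold and the sample message are assumptions.

```python
import re
from datetime import datetime

# Fields copied from the areps.at record quoted in the post.
WHOIS_AREPS = """\
personname:     Andrey Morov
organization:
country: Russland
changed: 20090515 15:23:43
source: AT-DOM
"""

# Constructed sample message, not the text of the real scam message.
SAMPLE_MESSAGE = "Look at this http://areps.at. Also see http://example.com/page"

def parse_whois(text):
    """Parse 'key: value' WHOIS lines into a dict; empty values are kept as ''."""
    record = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip():
            record[key.strip().lower()] = value.strip()
    return record

def record_age_days(record, as_of):
    """Whole days between the 'changed' stamp and as_of; None if missing or unparsable."""
    try:
        changed = datetime.strptime(record.get("changed", ""), "%Y%m%d %H:%M:%S")
    except ValueError:
        return None
    return (as_of - changed).days

def link_hosts(message):
    """Lower-cased hostnames of every http(s) link, without sentence punctuation."""
    hosts = re.findall(r"https?://([A-Za-z0-9.-]+)", message)
    return [h.lower().rstrip(".") for h in hosts]

def flag_young_links(message, whois_by_host, as_of, max_age_days=30):
    """Return (host, age_days) for linked hosts whose record is within the threshold."""
    hits = []
    for host in link_hosts(message):
        record = whois_by_host.get(host)
        age = record_age_days(record, as_of) if record else None
        if age is not None and 0 <= age <= max_age_days:
            hits.append((host, age))
    return hits
```

Hosts with no WHOIS record on hand are skipped rather than flagged, so the lookup table passed in as `whois_by_host` decides coverage.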

Visiting this site will also infect your Facebook profile and cause messages to be sent to your friends inviting them to visit as well. Below is a screenshot illustrating the contents of the message you may receive from an infected friend.

If you do receive any of these, contact the person who sent it to you and ask them to change their password ASAP. If you believe that you might have fallen victim to this scam, change your own profile password before whoever has hijacked your account changes it for you and locks you out of your own account!
Posted by smasiello at 9:40 AM