mikkohypponen
Highest Rated Comments
mikkohypponen (1655 karma)
Yes, Google is doing a great job! Their products are excellent!
I just wish I could pay for them with money. Instead of paying for them with my data.
mikkohypponen (1616 karma)
I remember spotting a Facebook worm spreading from one user account to another a couple of years ago. It was brand new, but spreading very fast, and it was clear that it could potentially infect millions of accounts.
When investigating the domain name linked to the attack (fbhole dot com), I got lucky. The domain pointed to an IP address in the Czech Republic. I did a reverse search for the IP address and noted that it hosted one other domain name: ironbrain dot net. More importantly, unlike fbhole dot com, which was registered with privacy protection, this domain had contact information in the WHOIS database, complete with a Czech phone number.
So I called the number.
The call went roughly like this:
– Hello?
– Hi. This is Mikko Hypponen from F-Secure Labs.
– What is this about?
– I'm looking for a person related to ironbrain dot net.
– ???
– We're investigating a Facebook worm on fbhole dot com. That domain shares an IP address with ironbrain dot net which is registered under your name.
– And you are?
– I'm from an antivirus company. Are you related to ironbrain dot net?
– I'll have to check… maybe my company is…
– Please do.
– Bye…
[Click]
About 15 seconds later, both fbhole dot com and ironbrain dot net went offline. The attack was over.
mikkohypponen (2853 karma)
People run IE 6 all the time. What the hell.