<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=439793516377641&amp;ev=PageView&amp;noscript=1">

ThreatSTOP Blocking New Facebook Malware

There is some nasty Facebook spread malware going around at the moment. F-Secure states that the malware infects users in the US and UK and applies to both Mac and PC users.

According to F-Secure's report (linked above) the malware is downloaded (after the usual series of redirects) from newtubes.in. This domain resolves to the address (name servers for the domain itself ( and I'm pleased, but unsurprised, to note that both these IP addresses are already blocked by ThreatSTOP as they are in the RBN feed and have been for at least a month.

It is worth noting that a number of domains also point to this IP address - various subdomains of newtubes.in as well as subdomains of finetube.in and goldtube.in and the single domain www.getmonclerjackets.com. I'm pretty sure that all of them are malware droppers so this is a good illustration that the blocking of the IP address is more efficient than the dropping of the DNS name lookups.

Share this:


see all


  1. ThreatSTOP on YouTube
  2. ThreatSTOP on Twitter