Facebook worm leads to heavy infection
Posted on 29.11.2011
The researchers of Danish security firm CSIS warn about a new Facebook worm doing rounds and dropping malware.

It spreads by compromising accounts and spamming out the users' friends with a message that contains only a link. If followed, the link takes the potential victim to a page where he or she are offered what appears to be a screensaver for download:

Unfortunately, it is not a JPG file, but an executable (b.exe). Once executed, it downloads another executable to the system.

"The worm carries a cocktail of malware onto your machine, including a Zbot/ZeuS variant which is a serious threat and stealing sensitive information from the infected machine," warn the researchers.

The worm is hosted on a variety of domains, so the link in the malicious message may vary. Other servers are used to collect the data sent by the aforementioned malware and to serve additional malicious software.

The worm is currently detected only by two of the AV software solutions used by VirusTotal, and it has anti-VM capabilities, which makes it impossible for researchers to test it in virtual environments and sandboxes.

Needless to say, users are advised to be careful about opening suspicious links contained in Facebook messages. If you're not sure whether the message apparently sent by your friend was actually sent by him, it's better to ask him about it. In this case, if he has not, you can also tell him that his computer has probably been infected and his account compromised.


Pen-testing drone searches for unsecured devices

You're sitting in an office, and you send a print job to the main office printer. You see or hear a drone flying outside your window. Next thing you know, the printer buzzes to life and, after spitting out your print job, it continues to work and presents you with more filled pages than you expected.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Fri, Oct 9th