It spreads by compromising accounts and spamming out the users' friends with a message that contains only a link. If followed, the link takes the potential victim to a page where he or she are offered what appears to be a screensaver for download:
Unfortunately, it is not a JPG file, but an executable (b.exe). Once executed, it downloads another executable to the system.
"The worm carries a cocktail of malware onto your machine, including a Zbot/ZeuS variant which is a serious threat and stealing sensitive information from the infected machine," warn the researchers.
The worm is hosted on a variety of domains, so the link in the malicious message may vary. Other servers are used to collect the data sent by the aforementioned malware and to serve additional malicious software.
The worm is currently detected only by two of the AV software solutions used by VirusTotal, and it has anti-VM capabilities, which makes it impossible for researchers to test it in virtual environments and sandboxes.
Needless to say, users are advised to be careful about opening suspicious links contained in Facebook messages. If you're not sure whether the message apparently sent by your friend was actually sent by him, it's better to ask him about it. In this case, if he has not, you can also tell him that his computer has probably been infected and his account compromised.
Reading our newsletter every Monday will keep you up-to-date with security news.
Receive a daily digest of the latest security news.