Facebook worm leads to heavy infection
Posted on 29.11.2011
The researchers of Danish security firm CSIS warn about a new Facebook worm doing rounds and dropping malware.

It spreads by compromising accounts and spamming out the users' friends with a message that contains only a link. If followed, the link takes the potential victim to a page where he or she are offered what appears to be a screensaver for download:

Unfortunately, it is not a JPG file, but an executable (b.exe). Once executed, it downloads another executable to the system.

"The worm carries a cocktail of malware onto your machine, including a Zbot/ZeuS variant which is a serious threat and stealing sensitive information from the infected machine," warn the researchers.

The worm is hosted on a variety of domains, so the link in the malicious message may vary. Other servers are used to collect the data sent by the aforementioned malware and to serve additional malicious software.

The worm is currently detected only by two of the AV software solutions used by VirusTotal, and it has anti-VM capabilities, which makes it impossible for researchers to test it in virtual environments and sandboxes.

Needless to say, users are advised to be careful about opening suspicious links contained in Facebook messages. If you're not sure whether the message apparently sent by your friend was actually sent by him, it's better to ask him about it. In this case, if he has not, you can also tell him that his computer has probably been infected and his account compromised.


Harnessing artificial intelligence to build an army of virtual analysts

PatternEx, a startup that gathered a team of AI researcher from MIT CSAIL as well as security and distributed systems experts, is poised to shake up things in the user and entity behavior analytics market.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Mon, Feb 8th