Facebook worm leads to heavy infection
Posted on 29.11.2011
The researchers of Danish security firm CSIS warn about a new Facebook worm doing rounds and dropping malware.

It spreads by compromising accounts and spamming out the users' friends with a message that contains only a link. If followed, the link takes the potential victim to a page where he or she are offered what appears to be a screensaver for download:

Unfortunately, it is not a JPG file, but an executable (b.exe). Once executed, it downloads another executable to the system.

"The worm carries a cocktail of malware onto your machine, including a Zbot/ZeuS variant which is a serious threat and stealing sensitive information from the infected machine," warn the researchers.

The worm is hosted on a variety of domains, so the link in the malicious message may vary. Other servers are used to collect the data sent by the aforementioned malware and to serve additional malicious software.

The worm is currently detected only by two of the AV software solutions used by VirusTotal, and it has anti-VM capabilities, which makes it impossible for researchers to test it in virtual environments and sandboxes.

Needless to say, users are advised to be careful about opening suspicious links contained in Facebook messages. If you're not sure whether the message apparently sent by your friend was actually sent by him, it's better to ask him about it. In this case, if he has not, you can also tell him that his computer has probably been infected and his account compromised.


eBook: Cybersecurity for Dummies

Posted on 16 December 2014.  |  APTs have changed the world of enterprise security and how networks and organizations are attacked. These threats, and the cybercriminals behind them, are experts at remaining hidden from traditional security while exhibiting an intelligence, resiliency, and patience that has never been seen before.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Thu, Dec 18th