Browse archive

Latest news

(IN)SECURE Magazine issue 34 released

Romanian hackers arrested for hitting government websites

17% of the world's PCs are unprotected

Dissecting modern privacy concerns

DNS-changing Trojan leads to phishing banking sites

Olympics fans targeted with lottery scam

WikiLeaks founder Assange loses extradition appeal

Security and privacy in the AWS cloud

UFED Touch: Field-ready mobile forensics solution

Securing the Virtual Environment

Flamer removal tool from Bitdefender

Hack In The Box conferences

Fake Facebook notification delivers keylogger

Posted on 17.02.2012

Fake Facebook notifications about changes in users' account information have been hitting inboxes and delivering malware to unwary users, warn BarracudaLabs researchers.

The email address of the sender is spoofed to make it look like it has been sent by the social network, and the message contains only an image implying that the recipient needs to install Silverlight (Microsoft's answer to Adobe Flash) in order to view the content:

Hovering with mouse over the image shows that the offered file is a Windows PIF file (a type of executable file) and that is hosted on a IP address in Malaysia. Sadly, the innocuous looking file is actually a keylogger - the Jorik Trojan.

The real beauty of the scheme shows itself once the user clicks to download the file. As Trojans are also executables, the usual Windows warning about downloading and running potentially harmful software is not out of place but is unfortunately often automatically disregarded by users.

Once the keylogger is installed, it starts recording every keystroke and Web page title into a disk file, which is ultimately sent to a C&C server operated by cyber criminals.