Please be very wary of any “links” you receive from “friends” on Facebook. Otherwise you could be the next to receive a virus!
A new worm has popped up on Facebook, using apparently stolen user credentials to log in to victims’ accounts and then send out malicious links to their friends. The worm also downloads and installs a variety of malware on users’ machines, including a variant of the Zeus bot.
The worm is making the rounds now, and detection of the malicious file that’s being used to drop the malware on victims’ machines is quite low. Researchers at CSIS in Denmark analyzed the worm’s behavior and found that it appears to be using stolen Facebook credentials to log in to user accounts. It then sends out messages to the victim’s Facebook friends with a link that’s supposedly to a photo file.
However, the file that’s linked to is a screensaver that has a JPG extension. If a user opens the file, it will then install a series of malicious programs. CSIS says that the worm’s code was written in Visual Basic and uses a handful of techniques to make analysis in virtual machine environments difficult. After the user executes the malicious file, the infection routine kicks off.
“The worm carries a cocktail of malware onto your machine, including a Zbot / ZeuS variant which is a serious threat and steals sensitive information from the infected machine.”
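The disguise described above, a screensaver carrying a JPG extension, can be caught by comparing a file's name with its leading bytes, since Windows screensaver files are ordinary PE executables. The following is an added example, not code from CSIS or from the original article; the file names and byte samples are constructed for illustration.

```python
import struct
from pathlib import PurePath

IMAGE_EXTENSIONS = {".jpg", ".jpeg"}

def sniff_type(data: bytes) -> str:
    """Classify content by its leading bytes, ignoring the file name."""
    if data[:3] == b"\xff\xd8\xff":  # JPEG start-of-image marker
        return "jpeg"
    if data[:2] == b"MZ" and len(data) >= 0x40:
        # The DOS header field at 0x3C gives the offset of the PE signature.
        (pe_offset,) = struct.unpack_from("<I", data, 0x3C)
        if data[pe_offset:pe_offset + 4] == b"PE\x00\x00":
            return "pe"
    return "unknown"

def is_disguised_executable(filename: str, data: bytes) -> bool:
    """True when the name claims a JPEG but the content is a Windows executable."""
    ext = PurePath(filename).suffix.lower()
    return ext in IMAGE_EXTENSIONS and sniff_type(data) == "pe"

def constructed_pe_stub() -> bytes:
    """Constructed sample: the smallest header that passes the PE check above."""
    header = bytearray(0x40)
    header[0:2] = b"MZ"
    struct.pack_into("<I", header, 0x3C, 0x40)
    return bytes(header) + b"PE\x00\x00" + b"\x00" * 20

# Constructed sample: the first bytes of a JFIF-style JPEG.
CONSTRUCTED_JPEG = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + b"\x00" * 16

def scan(samples):
    """Return the names of samples whose extension and content disagree."""
    return [name for name, data in samples if is_disguised_executable(name, data)]

if __name__ == "__main__":
    samples = [
        ("holiday_photo.jpg", constructed_pe_stub()),  # executable posing as a photo
        ("real_photo.JPG", CONSTRUCTED_JPEG),          # genuine image header
        ("installer.exe", constructed_pe_stub()),      # executable, but not disguised
    ]
    for name in scan(samples):
        print(f"{name}: image extension but PE executable content")
```

A mail gateway, download proxy or endpoint agent can apply the same comparison before a user ever opens the file.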