Facebook photos have become a new target for cyberthieves looking to direct users to malicious sites. Recently spam chat and email message were sent from compromised Facebook user account to their friend list.
The Facebook chat messages include text such as “hahahah foto” and the phony Facebook application pages. Clicking on the link, to look the photo will redirect users to a malicious page that will attempt to infect their systems with malware.
The file present itself as an image file but actually is a executable binary. If user try to view the image by double clicking it, malware will get execute.
In our control environment at Quick Heal Viruslab we executed and checked for its activity and found that it was redirecting to a website flashing message that the web browser needs to be upgraded.
Then malware established connection with remote IRC Server as below.
nick=”NEW-[USA|00|P|12397]”
username=”XP-4911″
password=”xxx”
JOIN #!nn!
testMODE [USA|00|P|88251] -ix
testPONG 22 MOTD
The malware also silently connected to below websites.
“xxxxx.ic.ac.uk”
“ale.xxxxx.com”
“verxxxxx.com”
“api.axxxxxory.info”
Anybody’s curiosity will increase after seeing such easy steps of online money making. Finally it diverts user to a page asking for paying some security deposits to them.
These all are fake notifications. The malware was trying to play a prank by such fake easy money making methods. Please avoid paying them.
Quick Heal detect this Trojan threat by “Trojan.Agent.fb”
Related Posts
- Facebook photo album chat messages spreading worm
A new variant of the Koobface worm was making the rounds today on Facebook. This is particularly bad news. Most of the Facebook scams we report on do not infect your computer with malware; they simpl... - Spreading malicious links through the ‘Like it’ feature in Facebook
As much as I loathe Facebook, I can’t deny the fact that it’s too popular to ignore it. I do have an account on there, but I don’t really spend much time social networking… As ... - “Download photoalbum” another variant of “i got u surprise”
Previously we have written about the "i got u surprise" spam trojan on Facebook. And today, we still discovered another variant. This time, the message that is received by the victim is only "u?" and ... - Facebook Scam Alert: ‘Everyone do check what she did on cam’ Spreading
We’re monitoring an on-going Facebook scam campaign that seems to be spreading faster than any campaign we’ve come across before.
What did this girl do on her webcam?
The scam starts with ... - Facebook Scam Spreading: ‘Hey, I just made a photoshop of you, check it out’
We’ve been monitoring a new Facebook scam that is spreading via Facebook Chat messages. This particular scam usually begins with a chat message from a friend like the one below:
Example of the ... - Emsisoft Security Ticker: Warning! Surprise spam trojan on Facebook
Emsisoft Security Ticker: Warning! Surprise spam trojan on Facebook
Full story: a-squared - English... - Warning: Surprise spam trojan on Facebook
Emsisoft - Ever received messages from your Facebook friends containing a notice or invitation, such as an invitation to visit a particular site, added with an interesting message, like “Hey watch thi... - Encrypted Facebook Chat?
With the release of Firesheep the Firefox add on HTTPS Everywhere has increased in popularity as it helps ensure that your Facebook session is encrypted. Using Facebook over https breaks the chat on ... - New Koobface Campaign Spreading on Facebook
Websense Security Labs™ ThreatSeeker™ Network has detected a new Koobface campaign spreading on Facebook. The campaign is spreading via direct messages sent from compromised accounts... - Orkut Worm spreading through XSS loophole
Orkut, a popular social networking site, was hit by a new worm on Saturday, September 25, 2010. The worm uses a XSS exploit on the Orkut website that allows malware writers to inject malicious javasc...
Posted on 25 February 2011. Tags: chat, Facebook, Spreading, Through, Trojan
The above information is reprinted from and copyrighted © by Quick Heal.
