Spyware that Trend Micro researchers identify as TSPY_MINOCDO.A tricks unsuspecting users into disclosing their financial information by redirecting them to a spoofed Facebook security check page every time they attempt to visit the social networking site.
The redirect is done through the infected machine’s hosts file, and prevents the user from accessing any legitimate Facebook pages until the malware is removed.
The spoofed security check page displays the following text:
Please complete a security check
Security checks help keep Facebook trustworthy and free of spam.
Use a credit card to verify your account
To keep Facebook a safe environment and to make sure that you are using your real name, we require you to confirm your identity by submitting your credit card information.
- This information will only be used to verify your identity.
- Your credit card will not be charged in any way.
- We do not store any credit card information on our servers.
- Please enter the following information to be able to continue using your Facebook account.
Information submitted through the false Facebook page is sent back to the cybercriminals to use as they please.
Aside from stealing payment information, researchers say that TSPY_MINOCDO.A modifies the system registry to ensure it starts every time Windows does, performs DNS queries to multiple domains to ensure that it can report back to its command server, and monitors all browsing activity.
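The hosts-file redirect described above can be checked for directly. The following is an added example, not code from Trend Micro or from the original post: it parses hosts-file text and reports any entry that pins a watched domain to a local override. The sample entries, the 203.0.113.10 address and the `WATCHED` list are constructed for illustration.

```python
import ipaddress
import os
import sys

# Domains to watch. facebook.com is the site the article says is redirected.
WATCHED = ("facebook.com",)

# Constructed sample; 203.0.113.10 is a documentation-only address (RFC 5737).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1      localhost
::1            localhost
203.0.113.10   www.facebook.com facebook.com   # constructed redirect entry
203.0.113.10   LOGIN.Facebook.com.
0.0.0.0        apps.facebook.com
127.0.0.1      facebook.com.example.org
"""

def parse_hosts(text):
    """Yield (line_no, address, hostname) for every mapping in hosts-file text."""
    for line_no, raw in enumerate(text.lstrip("\ufeff").splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) < 2:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                            # not an address line; ignore
        for name in fields[1:]:                 # one line may carry several aliases
            yield line_no, addr, name.lower().rstrip(".")

def find_overrides(text, watched=WATCHED):
    """Return (line_no, address, hostname, kind) for watched domains pinned locally."""
    hits = []
    for line_no, addr, name in parse_hosts(text):
        if any(name == d or name.endswith("." + d) for d in watched):
            # Loopback/unspecified targets only block; anything else redirects.
            kind = "sinkhole" if addr.is_loopback or addr.is_unspecified else "redirect"
            hits.append((line_no, str(addr), name, kind))
    return hits

if __name__ == "__main__":
    default = os.path.join(os.environ.get("SystemRoot", r"C:\Windows"),
                           "System32", "drivers", "etc", "hosts")
    path = sys.argv[1] if len(sys.argv) > 1 else default
    with open(path, encoding="utf-8", errors="replace") as fh:
        for hit in find_overrides(fh.read()):
            print("line %d: %s resolves to %s (%s)" % (hit[0], hit[2], hit[1], hit[3]))
```

Any "redirect" hit for a site the user never intentionally overrode is worth investigating; "sinkhole" hits usually come from blocklists rather than credential-stealing redirects.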
TSPY_MINOCDO.A is distributed via drive-by-download attacks and other malware, so users can protect their computers by:
- Keeping their operating system and installed software fully patched and up-to-date.
- Always running antivirus software and keeping the virus definitions current.
- Exercising caution when following hyperlinks (do a little research first!).
- Disabling Java in their browser if it is not needed (the Java browser plugin is often targeted in cyberattacks).
Above all else, trust your instincts and don’t hand out your credit card information to “verify” your account on a FREE social networking website.