Monday, December 5, 2011

Dangerous Worm Coming to a Facebook Chat Near You

A worm that was recently unearthed at the end of November by Danish security researchers at CSIS has been spotted in Facebook chats.

Originally posing as a pair of blonde women desperate to serve as your new screensaver, the worm was being spread via posts containing malicious links that were sent out from compromised Facebook accounts.

Once an unsuspecting target clicks the link and opens the file, a “cocktail of malware” is unleashed upon the victim’s machine. A variant of the well-known Zeus/Zbot banking Trojan is said to be one of the noted ingredients.

Facebook got on the case and quickly began blocking the domains used to spread the malware.

However, it seems the worm has now found its way around Facebook's built-in security, becoming quite the Chatty Cathy by spreading its evilness via Facebook chat.

Although the chat messages appear to be coming from your legitimate Facebook friends (whose logins have likely been stolen thanks to the malware), they’re actually coming from malware identified as “Dorkbot,” which has clearly made its way onto the computer of your peer and plans to do the same with yours.

Malicious chats sent by the Dorkbot malware will contain a bogus Facebook.com image link that actually points towards a third-party site.  “Although an unsuspecting user may believe that they are clicking on a link to a JPG image,” Graham Cluley of Sophos security explains, “the truth is that they are downloading an executable file that attempts to download further code (another piece of malware) from the net and drops a .BAT batch file onto infected computers.”

Users are advised to use caution when following the links shared with them on Facebook, especially if they're image links. Aside from calling your friend up and asking if they just sent you a link, there's no real way to tell if the chat is actually coming from your friend or the Dorkbot infection.
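The mismatch described above (a link that reads as a Facebook.com image but points to a third-party site and delivers an executable) can be checked mechanically. The sketch below is an added example, not code from the original post or from Sophos; the host names, file names and bytes are constructed samples, and it assumes the displayed link text, the real target and the first bytes of the download are available to the checker.

```python
from urllib.parse import urlparse

IMAGE_EXTS = (".jpg", ".jpeg", ".png", ".gif")
# Leading "magic" bytes of the file types this check cares about.
MAGIC = [
    (b"\xff\xd8\xff", "jpeg"),
    (b"\x89PNG\r\n\x1a\n", "png"),
    (b"GIF8", "gif"),
    (b"MZ", "windows-executable"),
]

def parse(link):
    """Parse URL-like text whether or not it was written with a scheme."""
    return urlparse(link if "://" in link else "http://" + link)

def host(link):
    """Lower-cased host name with a leading 'www.' removed."""
    h = (parse(link).hostname or "").lower()
    return h[4:] if h.startswith("www.") else h

def sniff_type(head):
    """Identify content by its first bytes, ignoring the file name."""
    for magic, name in MAGIC:
        if head.startswith(magic):
            return name
    return "unknown"

def check_link(shown, href, head):
    """Return a list of reasons the link is suspicious (empty if none)."""
    findings = []
    shown_host, real_host = host(shown), host(href)
    same_site = real_host == shown_host or real_host.endswith("." + shown_host)
    if shown_host and not same_site:
        findings.append(f"text shows {shown_host} but link goes to {real_host}")
    claims_image = any(parse(l).path.lower().endswith(IMAGE_EXTS) for l in (shown, href))
    kind = sniff_type(head)
    if claims_image and kind not in ("jpeg", "png", "gif"):
        findings.append(f"named like an image but content is {kind}")
    return findings

# Constructed samples: (displayed text, real target, first bytes of download).
SUSPICIOUS = ("www.facebook.com/photos/IMG_0001.JPG",
              "http://files.example.net/IMG_0001.JPG", b"MZ\x90\x00")
BENIGN = ("www.facebook.com/photos/pic.jpg",
          "https://www.facebook.com/photos/pic.jpg", b"\xff\xd8\xff\xe0")

if __name__ == "__main__":
    for sample in (SUSPICIOUS, BENIGN):
        print(sample[1], "->", check_link(*sample) or "no findings")
```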

Because social networking sites are so popular, internet crooks often use them to spread their scams and malware. With Facebook boasting over 800 million users, it's no wonder crooks often use it to promote their evil creations.

Photo Credit: etee
