Porn-based Facebook trojan horse spreading fast

Started by quiller, February 01, 2015, 11:18:23 AM

quiller

Got cyber-herpes? On-line security site The Hacker News looks at the Facebook virus which has affected a reported 110,000 users in just two days....

Quote
The Facebook malware is disguised as a Flash Player update and spreads itself by posting links to a pornographic video from the Facebook accounts of previously infected users. The malware generally tags as many as 20 friends of the infected user.

"In the new technique, which we call 'Magnet,' the malware gets more visibility to potential victims by tagging the friends of the victim in the malicious post," said Mohammad Faghani, a senior consultant at PricewaterhouseCoopers, in a mailing list post to the Full Disclosure infosec hangout.

"A tag may be seen by friends of the victim's friends as well, which leads to a larger number of potential victims. This will speed up the malware propagation."

The malicious post will provide you a link to a porn video in one of your friend's posts. Once clicked, the malicious link will land you on a website that will prompt you to quickly download and run a Flash update in order to play the video message purporting to be pornography.

Unfortunately, doing so will download a Trojan horse directly onto your computer system, allowing a malicious hacker to hijack your keyboard and mouse. By having control of the victim's keyboard and mouse, one can capture very useful information – like webmail and bank account passwords.

Once installed on a Windows PC, the malware collects the victim's data and tries to communicate with the server behind the filmver.com and pornokan.com domains for more instructions.

Faghani notes that the malicious file drops the chromium.exe, wget.exe, arsiv.exe and verclsid.exe executable files. In general, Chromium.exe is a generic dropper that probably downloads more malware to install, such as the keylogger, once it's running.

This new technique also enables the malware to keep a low profile, while also displaying itself publicly on your profile, and this is the only reason the malware infected so many Facebook users in just two days.

The other embarrassing part of this is when your family and friends see that you have just liked and shared porn links on your wall.

http://thehackernews.com/2015/01/facebook-scam-flash-player-malware.html
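Added example, not part of the original post or the quoted article: a triage sketch that checks DNS and process-start events against the two domains and four file names the article lists. The event format, host names, file paths and the System32 exclusion are assumptions made for the illustration; several of the file names (verclsid.exe, wget.exe, chromium.exe) are also used by legitimate software, so a name match alone is ranked low.

```python
from collections import defaultdict

# Indicators named in the quoted article.
C2_DOMAINS = {"filmver.com", "pornokan.com"}
DROPPED_NAMES = {"chromium.exe", "wget.exe", "arsiv.exe", "verclsid.exe"}

# Constructed sample events: "<host> dns <query name>" or "<host> proc <image path>".
# Hosts and paths are invented; the article does not say where the files are dropped.
SAMPLE_EVENTS = """\
ws-014 dns www.filmver.com
ws-014 proc C:\\Users\\amy\\AppData\\Roaming\\arsiv.exe
ws-014 proc C:\\Users\\amy\\AppData\\Roaming\\verclsid.exe
ws-022 proc C:\\Windows\\System32\\verclsid.exe
ws-022 dns notfilmver.com
ws-031 dns cdn.PORNOKAN.com.
ws-040 proc C:\\tools\\wget.exe
"""

def domain_hit(qname):
    """Match a listed domain or any subdomain of it, on a label boundary."""
    name = qname.lower().rstrip(".")
    return any(name == d or name.endswith("." + d) for d in C2_DOMAINS)

def file_hit(path):
    """Match a listed file name, skipping images under System32 (assumed C:\\Windows)."""
    p = path.lower().replace("/", "\\")
    base = p.rsplit("\\", 1)[-1]
    return base in DROPPED_NAMES and not p.startswith("c:\\windows\\system32\\")

def triage(events):
    """Return {host: severity}; both indicator types on one host rank highest."""
    hits = defaultdict(lambda: {"dns": set(), "proc": set()})
    for line in events.splitlines():
        parts = line.split(None, 2)
        if len(parts) != 3:
            continue  # skip malformed lines
        host, kind, value = parts
        if kind == "dns" and domain_hit(value):
            hits[host]["dns"].add(value.lower().rstrip("."))
        elif kind == "proc" and file_hit(value):
            hits[host]["proc"].add(value)
    severity = {}
    for host, h in hits.items():
        if h["dns"] and h["proc"]:
            severity[host] = "high"    # domain contact plus a matching file name
        elif h["dns"]:
            severity[host] = "medium"  # domain contact only
        else:
            severity[host] = "low"     # file name only: common for legitimate tools
    return severity

if __name__ == "__main__":
    for host, sev in sorted(triage(SAMPLE_EVENTS).items()):
        print(host, sev)
```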
