Spammers Exploit Facebook to Spread Malware
Facebook has once again become the target of spammers who download malware onto users' computers. Andrew Brandt, a researcher at security firm Webroot, states that a spam campaign (which spread at a fast pace during the second week of June 2010) injected malware into Facebook users' computers, as reported by the Webroot Threat Blog on June 14, 2010.
The malware was designed to hack the Facebook accounts of infected users, steal account passwords and record clicks in the infected users' browsers.
The malware comes with a message that contains a malicious link sent by a friend. The link is hidden under the brain-damaged text "You? I find it on Google". When the Facebook user clicks on the hidden link, he is directed to a page on online-photo-albums.org. This webpage points towards the malware hosted on a server in Bosnia and Herzegovina. Fortunately, the server has been taken offline.
In addition, the installer (album.exe) downloads several other malicious payloads. It installs the "clickjacker" Trojan-Bamital, which diverts the browser to another website if the infected user clicks on a linked result in a particular subset of search engines. That subset includes Google.kr (the South Korean version of Google). Interestingly, however, this redirection does not occur on the main Google.com.
album.exe also installs another malicious payload, 'Trojan-Downloader-Suurch', which downloads further malicious code such as a DLL. The malicious DLL steals passwords and other important details entered into web forms in Internet Explorer and forwards the stolen data to the attackers' server.
The security researchers have stressed that this incident underscores the importance of taking precautions and avoiding clicking on unsolicited links while using social networking websites. The researchers also warn Facebook users not to be swayed by any link posted on the website under the illusion that they have some magical protective ability.
The security researchers further add that because online threats spreading through Facebook are usually accompanied by messages sent by friends, it is very difficult to distinguish between dangerous and safe messages. It is therefore very important that people install anti-virus and anti-malware software on their machines. Another important step is to update all existing software and the operating system.
» SPAMfighter News - 23-06-2010