Sophos: Facebook Chat is Attacked by Hackers to Spread Malware
Security officials of 'Sophos' has cautioned web users about a latest spam campaign initiated by hackers that can exploit Facebook chat in order to spread malware.
The malware hijacks Facebook accounts from the infected system and spams users in their friend lists.
The fake message promises users access to an interesting photo in order to lure them to an app.facebook.com/[censored] page. After opening this page users are immediately urged to install a file called FacebookPhotos#########.exe (where # stands for a random digit).
A message says that "this photo has been shifted to another location" and asks users to click a "View Photo" button. This button adds to the authenticity of the message and the user immediately downloads the file.
On installing and running the file, the.exe file downloads what seems to be a new Palevo variant, detected as W32/Palevo-BB.
Moreover, Palevo belongs to a family of worms that usually spreads through Instant Messaging (IM) applications such as Windows Live Messenger, Yahoo! Messenger or Skype. Researchers state that it was also the malware behind Mariposa (Butterfly) botnet which was circulated in 2010 by Spanish authorities.
Social engineering sites prove to be a better option for the hackers to spread malware instead of persuading them to fill irrelevant surveys. This Palevo-BB worm is not the first ever malware strain to use Facebook as a platform of infection.
Disturbingly, scams have almost become a frequent activity on Facebook. For instance, lately a fake survey scam was making rounds on the social networking media. This survey offered a fake update of the death of popular rapper Tupac Shakur.
The researchers added that the most famous social engineering network worm till date has been the notorious Koobface worm which is a strain of malware used to deliver victims to scareware scam portals on carry out click fraud.
Chester Wisniewski, a Senior Security Advisor at Sophos said that Facebook removed the application from its service. But there might be several messages like this that continue to be in rounds. Thus, beware of the unusual messages from friends whether they come via mail, or on their walls, or in an instant message, as per the news by nakedsecurity.sophos.com on January 9, 2011.
Related article: Spike in Attacks Causes Early Release of Windows Patch
» SPAMfighter News - 19-01-2011