Kaspersky Warns that Facebook Dispersing Cross-browser Lily Jade Worm

Security researcher from antivirus firm in Kaspersky warns that a malware use cross rider, which is a cross-browser extension development framework to form a click-fraud worm called Lilly jade that spread on facebook.

Cross rider is a legal JavaScript framework that implements a unified API(application programming interface) for forming Mozilla firefox,google chrome and internet explorer extensions.

"It is quiet uncommon to analyze a malicious file written in the form of cross-platform browser plug-in. It is, however, even rarer to come across plug-in created using cross browser engines,"kaspersky Lab malware expert Sergey golovanov said, according to securelist.com dated may 21, 2012.

The objective of Lilly jade is to replace code that specifies who should get paid when users click on ads that run on top internet properties, as facebook.com,yahoo.com ,youtube.com, bing.com, google.com and MSN.com.In short , the plug-in permit customers to swap in their own ads on virtually any sites which is visited by users.

Independent security researcher Brian kerbs pointed out the unusualness of Lilly jade is that its creator, an Arizona hacker named Dru Mundorff, is openly selling it for $1,000 a copy on hacking forums, using real name, as published by securitynewsdaily.com dated May 21, 2012.

On the hacking forum, Mundorff declared that Lilly jade is not visible to antivirus software since in some cases it's just two lines of code pointing to an external site.

Mundorff told kerbs that Lillyjade is perfectly legal, thank to users to creative and end user license agreement (EULA).

Its impossible to confirm those numbers or to say exactly how many facebook users have installed this browser plug-in. but the plug-in has apparently been victorious to have caught the attention of face book's security team. Facebook said that it had already sent Mundorff a cease-and-desist, which Mundorff neglected.

Commenting on the new malware, Fred wolens, and public policy manager at facebook said: "Plugins such as Lilly jade are configured to alter our site to inject ads and/or send spam using facebook to the victim's friend via wall posts and chat messages. These modifications change people facebook experience and bypass facebook's quality and security control," as reported by threatpost.com dated May 17, 2012.

Related article: Kaspersky Released malware Statistics for September 2008

» SPAMfighter News - 5/29/2012