Rogue Facebook App Spreads through “You’re in Our Movie” Twitter DMs
A dual threat aimed at Twitter users is currently making the rounds on the internet, according to security experts at security firm GFI Software. It arrives as Direct Messages (DMs) that include a Facebook link along with the question "what on earth could you be doing in our movie?"
The unlucky users who can't suppress their curiosity and follow the link are forwarded to a Facebook App page that claims they can't view the encrypted video until they log in to their Twitter account.
The login page they are forwarded to is forged and does not belong to Twitter. The credentials that unsuspecting users enter there are recorded on the scammers' servers, to be used later for the sender's own purposes.
But that is not all.
The fake login is not the only barrier in front of the video page. Victims are also required to update their "YouTube Player."
GFI said in Help Net Security on November 13, 2012, "Users might hold the impression that they are still within the App page. In reality, the Facebook content of the page is actually forged."
Clicking Install downloads a file called FlasshPlayerV22.214.171.124.exe. Executing this file drops and executes another malicious file called javas.exe. It is worth noting, however, that the malware files served by this forged site keep changing from time to time.
Through VIPRE, GFI Software has detected FlasshPlayerV126.96.36.199.exe as Trojan.Win32.Generic!BT and javas.exe as Win32.Malware!Drop.
GFI Software has, however, revealed that this malicious software, unlike the Twitter Video Facebook App revealed last September, does not involve the Umbra botnet. GFI's findings also suggest that it is standalone malware that simply performs its tasks once executed on an affected system. The findings further revealed that the malware is harmless in another sense, as it neither communicates over the internet nor steals any kind of information.
This serves as a reminder to the general public not to simply click on links in DMs, even when they come from acquaintances such as friends, colleagues, or family members. These messages should be treated very cautiously. The supposed originator of the DM should be warned immediately, along with the followers, about the suspicious message. Last but not least, the DM should be deleted from the Twitter inbox immediately, as suggested by the security experts at GFI Software.
» SPAMfighter News - 23-11-2012