Malwarebytes Observes that Account Hijacking Trojan Spreads Via Facebook Messages

Security vendor Malwarebytes has asserted that a computer Trojan is stealing account data and credentials while spreading like wildfire on Facebook.

The Trojan spreads through Facebook's Messenger (IM) service: the victim receives a message that appears to come from one of their friends, containing the text "LOL" and a file offered for download that appears to be a photo, named "IMG_xxxx.zip."

Once the file is downloaded, the user unzips it and clicks on the contents, 'IMG_xxxx.jar', assuming it to be an image file. The JAR file executes and downloads malware, infecting the system.

The infected user's Facebook account is hijacked and then used to distribute more malware to that user's friends, and the vicious circle continues.

Unlike previous versions of this scam, the cybercriminals in this case combined several infection tactics to achieve their usual goal; four types of tactic are involved in this attack.

The first tactic is the abuse of IM; Malwarebytes has seen instant messaging used in many forms to send malicious files to Internet users, including over MSN, Skype, Yahoo etc.

The second is the use of the text 'lol', which is an extremely clever way of convincing the user to open the file. The purpose is to draw the user's attention and, surprisingly, in our era of fast-paced information consumption, something as plain as 'lol' from a pal is enough to slow us down.

The third is the use of the Zip format: the user downloads the zipped file from the criminal (or a compromised account) and unzips it, becoming infected with the actual malicious file.

The fourth is the use of a JAR (Java) file, which is not inherently malicious on its own but goes out and downloads the actual malware from a remote Dropbox account and then silently installs the malware on the machine as a service.
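The third and fourth tactics rely on a ZIP whose payload is a JAR named like a photo. As an added example (not from Malwarebytes or the original article), the Python sketch below shows how a mail or chat gateway could flag such an archive, including a JAR hidden behind an image extension; the extension list, size limit and function names are assumptions, and the sample archives are harmless constructed stand-ins.

```python
import io
import os
import zipfile

# Extensions that run when double-clicked (assumed policy list, not from the article).
RISKY_EXT = {".jar", ".exe", ".scr", ".js", ".vbs", ".bat", ".cmd"}

def looks_like_jar(data: bytes) -> bool:
    """A JAR is a ZIP holding META-INF/MANIFEST.MF or .class files, whatever its name."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as inner:
            names = inner.namelist()
    except zipfile.BadZipFile:
        return False
    return any(n.upper() == "META-INF/MANIFEST.MF" or n.endswith(".class") for n in names)

def inspect_zip(data: bytes, max_member: int = 10 * 1024 * 1024):
    """Return (member, reason) findings for a ZIP attachment held in memory."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            ext = os.path.splitext(info.filename)[1].lower()
            if ext in RISKY_EXT:
                findings.append((info.filename, "executable extension " + ext))
            # Only unpack small members, to avoid decompression bombs.
            elif info.file_size <= max_member and looks_like_jar(zf.read(info)):
                findings.append((info.filename, "JAR content behind a non-JAR name"))
    return findings

def _make_zip(members):
    """Build a ZIP in memory from {name: content}; used only for the samples below."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()

# Constructed samples: harmless stand-ins shaped like the lure in the article.
FAKE_JAR = _make_zip({"META-INF/MANIFEST.MF": "Manifest-Version: 1.0\n"})
LURE = _make_zip({"IMG_0001.jar": FAKE_JAR})      # photo-like name, .jar extension
RENAMED = _make_zip({"IMG_0002.jpg": FAKE_JAR})   # same content, image extension
BENIGN = _make_zip({"IMG_0003.jpg": b"\xff\xd8\xff\xe0 not a real photo"})

if __name__ == "__main__":
    for label, blob in (("lure", LURE), ("renamed", RENAMED), ("benign", BENIGN)):
        print(label, inspect_zip(blob))
```

Checking content as well as the extension matters because a renamed JAR still runs if the user or a file association opens it with Java.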

Interestingly, the Trojan could be a variant of the infamous Zusy banking Trojan.

Experts conclude that Internet users must keep their PCs updated with the latest AV software to avoid this malware infection.

» SPAMfighter News - 3/20/2014
