Malwarebytes Observes that Account Hijacking Trojan Spreads Via Facebook Messages
Security vendor Malwarebytes reports that a computer Trojan is stealing account data and credentials while spreading rapidly on Facebook.
The Trojan spreads through Facebook's Messenger (IM) service: the victim receives a message that appears to come from one of their friends, containing the word "LOL" and a file offered for download that looks like a photo named "IMG_xxxx.zip".
Once downloaded, the user unzips the file and clicks on what they assume is an image, but which is actually a file named 'IMG_xxxx.jar'. The JAR file executes, downloads the malware and infects the system.
The infected user's Facebook account is then hijacked and used to distribute more malware to that user's friends, and the vicious circle continues.
Unlike earlier versions of this scam, the cybercriminals in this case combined several different infection tactics to reach their usual goal; four tactics are involved in this attack.
The first is the abuse of instant messaging; Malwarebytes has seen malware use IM in many forms, including MSN, Skype and Yahoo, to send malicious files to Internet users.
The second is the use of the text 'lol', an extremely clever way of persuading the user to open the file. Its purpose is to grab the user's attention, and surprisingly, in our era of fast-paced information consumption, something as plain as 'lol' from a friend is enough to make us stop and look.
The third is the use of the Zip format: the user downloads the zipped file from the criminal's (or compromised) account and unzips it, exposing the actual malicious file that infects the machine.
The fourth is the use of a JAR (Java) file, which is not malicious in itself but reaches out to a remote Dropbox account, downloads the actual malware and silently installs it on the machine as a service.
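The chain described above (a photo-named zip that hides a JAR) is easy to flag before a user ever double-clicks it. The following is an added detection example, not code from Malwarebytes or SPAMfighter; the sample archives are constructed in-code with placeholder bodies, and the name prefixes and extension lists are assumptions a defender would tune for their own environment:

```python
import io
import zipfile

IMAGE_PREFIXES = ("img_", "dsc_", "photo", "pic")  # assumed photo-like name prefixes
EXEC_SUFFIXES = (".jar", ".exe", ".scr", ".js", ".vbs")  # assumed executable extensions

def build_sample_lure() -> bytes:
    """Constructed stand-in for the lure: IMG_xxxx.zip wrapping IMG_xxxx.jar (no real payload)."""
    jar_buf = io.BytesIO()
    with zipfile.ZipFile(jar_buf, "w") as jar:
        jar.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\nMain-Class: Loader\n")
        jar.writestr("Loader.class", b"\xca\xfe\xba\xbe placeholder")
    outer_buf = io.BytesIO()
    with zipfile.ZipFile(outer_buf, "w") as outer:
        outer.writestr("IMG_0001.jar", jar_buf.getvalue())
    return outer_buf.getvalue()

def build_benign_sample() -> bytes:
    """Constructed benign archive: a photo-named zip that really holds a JPEG."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("IMG_0002.jpg", b"\xff\xd8\xff\xe0 placeholder jpeg bytes")
    return buf.getvalue()

def is_java_archive(data: bytes) -> bool:
    """True if data is a zip that carries a Java manifest, i.e. a JAR file."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as z:
            return "META-INF/MANIFEST.MF" in z.namelist()
    except zipfile.BadZipFile:
        return False

def inspect_attachment(filename: str, data: bytes) -> list:
    """Return the reasons an attachment matches the photo-named lure, or [] if none."""
    reasons = []
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return reasons
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        for info in z.infolist():
            if info.filename.lower().endswith(EXEC_SUFFIXES):
                reasons.append(f"executable extension inside archive: {info.filename}")
            if is_java_archive(z.read(info)):  # catches a JAR even if renamed to .jpg
                reasons.append(f"entry is a Java archive (has META-INF/MANIFEST.MF): {info.filename}")
    if reasons and filename.lower().startswith(IMAGE_PREFIXES):
        reasons.append(f"photo-like archive name hides executable content: {filename}")
    return reasons
```

The manifest check matters more than the extension check: a JAR renamed to `.jpg` inside the archive still opens as a zip with `META-INF/MANIFEST.MF` and is flagged.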
Interestingly, the Trojan could be a variant of the infamous Zusy banking Trojan.
Experts conclude that Internet users must keep their PCs updated with the latest AV software to avoid infection by this malware.
» SPAMfighter News - 20-03-2014