Posted by: Ken Harthun
Facebook, Fraud, Malware, Social Networking Hacks
The two latest malware strains exploit Facebook users via email and instant messaging programs. The first, Asprox.N, is a Trojan delivered via email informing users their Facebook account is being used to distribute spam and that, for security reasons, the login credentials have been changed. The email includes a fake Word document attachment, supposedly containing the new password, with an unusual icon and the filename Facebook_details.exe. Deceiving victims by opening a .doc file upon opening the attachment, this file is really a Trojan that downloads another file designed to open all available ports, connecting to mail service providers in an attempt to spam as many users as possible.
An image of the Asprox.N exploit is available here: http://www.flickr.com/photos/panda_security/5394881095/
The second new malware strain, Lolbot.Q, is distributed across instant messaging applications such as AIM or Yahoo!, with a message displaying a malicious link. Clicking the link downloads a worm designed to hijack Facebook accounts, blocking users’ access while informing that the account has been suspended. To “reactivate” their account, users are asked to complete a questionnaire, promising prizes such as laptops and iPads. After several questions, users are asked to subscribe and enter their cell phone number, which is in turn charged a fee of $11.60 per week. Victims can restore access to their Facebook account only once they subscribe to the service and receive a new password.
Images of Lolbot.Q exploit are available here: http://www.flickr.com/photos/panda_security/5394881133/
I recommend you be wary of any unexpected messages with unusually eye-catching subjects and avoid clicking on external links, running executable files or entering personal data into unknown applications or web forms. Nothing new there, just standard security best practice.
Just be careful out there.