Facebook IM trojan politely asks ‘Can I post these pictures on Facebook?’
Posted by: Jon Ben-Mayor on 06/01/2014 08:56 AM [ Comments ]
You will get more flies with honey, as the saying goes, and that is just what the hackers responsible for spreading this particular trojan hope to accomplish.
Once this trojan has gained access to a users' contact lists, Gen:Variant.Downloader.167 attempts to distribute itself through Facebook's IM and Yahoo Messenger spreading from friend to friend...
According to Bitdefender, Hot for Security blog, it all starts when users receive a polite question from a Facebook or YM friend whose system got infected with the malware. “I want to post these pictures on Facebook, do you think it’s OK?,” the malicious messages read. To add legitimacy, the URLs following the question belong to storage services Dropbox and Fileswap, frequently used for sharing pictures and files.
The malware is then executed on the machine, where it creates a folder with a random name and an “.exe” extension. It also shows a message box in the installing process.
“This application is not compatible with the version of Windows you’re running,” the message reads. “Check your computer’s system information to see whether you need a x86 (32-bit) or x64 (64-bit) version of the program, and then contact the software publisher.”
The downloader can restart and update itself. Bitdefender blocked the malware, along with less than half of the security solutions listed on Virus Total.
According to Bitdefender, Hot for Security blog, it all starts when users receive a polite question from a Facebook or YM friend whose system got infected with the malware. “I want to post these pictures on Facebook, do you think it’s OK?,” the malicious messages read. To add legitimacy, the URLs following the question belong to storage services Dropbox and Fileswap, frequently used for sharing pictures and files.
The malware is then executed on the machine, where it creates a folder with a random name and an “.exe” extension. It also shows a message box in the installing process.
“This application is not compatible with the version of Windows you’re running,” the message reads. “Check your computer’s system information to see whether you need a x86 (32-bit) or x64 (64-bit) version of the program, and then contact the software publisher.”
The downloader can restart and update itself. Bitdefender blocked the malware, along with less than half of the security solutions listed on Virus Total.
Comments