13 May 2013

Don't Click Facebook Chat Messages That Have Mediafire Image File Type, It is Annoying.

While i am quite busy with other topics that involve Elections in our country, these few malware(worms) annoy me with excessive Facebook chat messages came from those who were infected with the Mediafire image-but-exe file thingy. This is one heck serious social engineering tactics in which blinds users thinking it is a good file but it turns out, it hides a certain piece sh*t of codes that could somehow lead your account being hacked.

Anyways, words to ponder. Don't try to download and install it.

Why would someone try to install it in the first place? Because they are curious, and once downloaded. They will see a sexy icon in the .exe file. And yet,  i didn't know what exactly it does.
To be safe, i rather not open that file. Instead, i tried unique geeky & nerdy one. Extract its source codes! hehehe/

First, some of your fiends will send you random mediafire links. In case with my situation they were few friends sent me like these. To be honest and fair, i wont blame them.
  • http://www.mediafire.com/?dtiras88unob94n/photo-38.jpeg
  • http://www.mediafire.com/?svv7lcgnrv13kpr/photo-37.bmp
  • http://www.mediafire.com/?0gbv5fhzf7ozgrz/photo-034.png
The owner of these links managed to create more random photo and file extension images. But i doubt, he/she used a script to generate random links. This is exactly the behavior of a WORM or VIRUS does.

Now, if you ever clicked that link out of curiosity, that link will redirect you with a certain address:
  • http://205.196.122.197/k1ak6d4762qg/svv7lcgnrv13kpr/Photo-434743474347.jpeg.exe

This is the sample of a link. Now, if you observed, that file type is a .exe (executable) not .jpeg(image). Most viruses, trojans, malwares, and worms will run successfully on executable ones. Take extra careful with this type e.g (.jpeg.exe). Pretty sure, it will not give you image type but rather a hidden process that could lead your account being hacked.

Once you download that file, you will see like this. Sexy pics huh? Now, excited with that image, some of you will click and install it.

Again, for safety measures i didn't take effort to install it. But i tried to examine that codes. With my simple knowledge, i extracted some part of its code.

What i see was a certain assembly info(most likely worms originated from this language), an sexy icon and simple dialog box to install. I tried to run my AV to check if it is a VIRUS, but it fails me, rather it only gives me an information: it has 3 files compressed in that one file.


Conclusions:

With my basic knowledge, i would really suggests not to install these kind of files.
  • The file is a WORM.
  • File is a suspicious
  • Once installed, it will send a link with your Facebook friends.
  • File is deceiving: From sexy icon, filename and file extension.
  • It is really annoying.
  • Don't INSTALL it!
Share this info to your Facebook friends not to install this annoying script. Thank you :))
Advertisement


Featured Offers:
Advertisement