31 January 2015

Facebook Malware Porn Links Infect 110k Users in 2 Days

Trojans(malware) are making rounds on Facebook by posting fake malicious porn video links on the victim's profile.

A Rule of thumb: Do not click PORN Links on Facebook, unless you know what you are doing. But being extremely aware and alert can save yourself from being the source porn sharer on Facebook.

In a Treatpost blog, the trojan was reportedly infecting 110,000 Facebook users just within two days.
Fake Facebook porn links malware
Sample of fake flash update: Image: TweakTown

How this malware works?

When the user clicks the video link(disguised as a Flash player update), which makes the users think it is safe since he/she might be familiar with the update. Out of curiosity and in order to watch the video, the users must need to download and run for a flash player update, it turns out that it will download a certain Trojan directly to your system, allowing a hacker to control your PC. This malware spreads itself by posting porn video links from the account of the previously infected users.

Of course, once it is already run onto your system, the malware start linking multiple similar links to your wall and tagging 20 friends on each post.

When a user opens the link contained in the post, the video begins to play, but it will stop and ask the viewer to install a fake Flash player update containing Trojan downloader with the actual malware.

In other report, Facebook have released an official statement on the matter, saying:
We use a number of automated systems to identify potentially harmful links and stop them from spreading. In this case, we’re aware of these malware varieties, which are typically hosted as browser extensions and distributed using links on social media sites. We are blocking links to these scams, offering cleanup options, and pursuing additional measures to ensure that people continue to have a safe experience on Facebook
Some precaution that Facebook implements is the "blocking links to these scams, offering cleanup options, and pursuing additional measures to ensure that people continue to have a safe experience on Facebook."

An initial investigation posted on the Full Disclosure mailing list by security researcher Mohammad Faghani revealed that the malware can manipulate keystrokes and mouse movement. One indicator of compromise is the presence of Chrome.exe in the Windows processes.

This one uses a technique that Faghani is calling “Magnet.” By creating malicious posts and tagging multiple users, the content is then visible to not only those that are tagged but also by there friends as well. This, Faghani says, allows the malware to spread more rapidly.

Again, as Rule of thumb, Do not CLICK any PORN LINKS

If you want your Facebook account be secure and not source of posting porn links: Do yourself a favor and never click unknown video links on Facebook.

References: [1] [2]


Advertisement


Featured Offers:
Advertisement