Facebook photos have become a new target for cyberthieves looking to direct users to malicious sites. Recently spam chat and email message were sent from compromised Facebook user account to their friend list.
The Facebook chat messages include text such as “hahahah foto” and the phony Facebook application pages. Clicking on the link, to look the photo will redirect users to a malicious page that will attempt to infect their systems with malware.
The file present itself as an image file but actually is a executable binary. If user try to view the image by double clicking it, malware will get execute.
In our control environment at Quick Heal Viruslab we executed and checked for its activity and found that it was redirecting to a website flashing message that the web browser needs to be upgraded.
Then malware established connection with remote IRC Server as below.
nick=”NEW-[USA|00|P|12397]”
username=”XP-4911″
password=”xxx”
JOIN #!nn!
testMODE [USA|00|P|88251] -ix
testPONG 22 MOTD
The malware also silently connected to below websites.
“xxxxx.ic.ac.uk”
“ale.xxxxx.com”
“verxxxxx.com”
“api.axxxxxory.info”
Anybody’s curiosity will increase after seeing such easy steps of online money making. Finally it diverts user to a page asking for paying some security deposits to them.
These all are fake notifications. The malware was trying to play a prank by such fake easy money making methods. Please avoid paying them.
Quick Heal detect this Trojan threat by “Trojan.Agent.fb”
No Comments, Be The First!