|02 Dec 2011||#1|
| || |
New Facebook worm spreading
Researchers from the Danish security firm CSIS, have intercepted a currently spreading Facebook worm.
The worm spreads by sending direct messages using the privileges of the already logged in user. The message looks like an image file, whereas in reality it has an executable .scr screensaver extension.
Upon execution, the sample drops a ZeuS crimeware variant on the infected host.
The malware is hosted on compromised web servers across the globe. The sample — very limited detection rate — is currently detected as Win32.HLLW.Autoruner.52856 and Heure: Trojan.Win32.Generic.
The code is developed in Visual Basic 6.0 and contains numerous anti-VM tricks directed against VMware, Sandboxie, Virtual Box, etc.
The malicious code downloaded then (space hospitalized by CSIS):
http://www.offi sense.co.il / lang / b.exe
Whereupon the following file is attempted copied to the system:
c: users [% user profile%] m-1-52-5782-8752-5245winsvc.exe
The worm carries a cocktail of malware onto your machine, including a Zbot / ZeuS variant which is a serious threat and stealing sensitive information from the infected machine.
The worm has already captured a large number of domains from which it spreads active (space hospitalized by CSIS)
New Facebook worm spreading | ZDNet
|My System Specs|
|Similar help and support threads for2: New Facebook worm spreading|
|Info-stealing Dorkbot worm spreading on Facebook||Security News|
|AV-killing worm spreads via Facebook chat and IM clients||Security News|
|Ramnit Worm Goes Social, Steals 45,000 Facebook Passwords||Security News|
|New Worm Leading to Rogue AV Is Spreading on Twitter||Security News|
|Facebook Phishing Worm Quickly Steals Thousands of Accounts||System Security|
|Sophisticated Clickjacking Attack Rapidly Spreading on Facebook||System Security|
|Fake joke worm wriggles through Facebook||Security News|
|Our Sites ||Site Links ||About Us ||Find Us |
© Designer Media Ltd
All times are GMT -5. The time now is 09:25 PM.