Worm distributed via Facebook PMs and Instant Messengers(IM)

Trend Micro researchers recently received a report about the malicious link distributed via Facebook Private messages. A shortened URL pointing to an archive file called "May09-Picture18.JPG_www.facebook.com.zip".

This archive contains a malicious file named “May09-Picture18.JPG_www.facebook.com” and uses the extension “.COM”(an executable file format).

Once executed, this malware terminates services and processes related to antivirus software, effectively disabling AV software from detection or removal of the worm.

Trend Micro solution detect this malware as WORM_STECKCT.EVL. this worm downloads and executes another worm, one detected as WORM_EBOOM.AC.

WORM_EBOOM.AC is capable of monitoring an affected user’s browsing activity such as message posting, deleted posted messages and private messages sent on the following websites such as Facebook, Myspace, Twitter, WordPress, and Meebo. It is also capable of spreading through the mentioned sites by posting messages containing a link to a copy of itself.

"Facebook and IM applications are tools to share and connect. Cybercriminals’ use of these tools is nothing new, but there are users who fall prey to these schemes. We recommend users to be conscious with their online behavior, in particular on social media sites." The Trend Micro report reads.

Share this with Your friends: