New malware strains wreaking havoc on Facebook
PandaLabs announced the discovery of security exploits via popular social media sites Facebook and Twitter. In the last several days, two new malware strains have been wreaking havoc on Facebook users.
The first, Asprox.N, is a Trojan delivered via email informing users their Facebook account is being used to distribute spam and that, for security reasons, the login credentials have been changed.
The email includes a fake Word document attachment, supposedly containing the new password, with an unusual icon and the filename Facebook_details.exe.
Deceiving victims by opening a .doc file upon opening the attachment, this file is really a Trojan that downloads another file designed to open all available ports, connecting to mail service providers in an attempt to spam as many users as possible.
The second new malware strain, Lolbot.Q, is distributed across instant messaging applications such as AIM or Yahoo!, with a message displaying a malicious link.
Clicking the link downloads a worm designed to hijack Facebook accounts, blocking users’ access while informing that the account has been suspended.
To “reactivate” their account, users are asked to complete a questionnaire, promising prizes such as laptops and iPads. After several questions, users are asked to subscribe and enter their cell phone number, which is in turn charged a fee of $11.60 per week.
Victims can restore access to their Facebook account only once they subscribe to the service and receive a new password.
“Once again cybercriminals are using social engineering to trick victims and infect them with malware,” said Luis Corrons, technical director of PandaLabs. “Given the increasing popularity of social media, it is no surprise that it is being exploited to lure victims.”