Emsisoft malware analysts have detected a massive outbreak of new Facebook malware. A current variant even hijacks the user’s Facebook account.
Some time ago Emsisoft discovered the activities of the Facebook threat Trojan-Downloader.Win32.FraudLoad.
Now there is a new version that takes over one's entire Facebook account!
A few days ago a new piece of Facebook malware became active. Users of Emsisoft Anti-Malware are already protected from the new variant, which is detected as Worm.Win32.Yimfoca!A2 or Trojan.Win32.Scar!IK.
This malware uses the Facebook chat system to spread from user to user. It sends messages to the friends of an infected user, with the message containing only “hahahh Foto”, followed by a link. This link leads to a fake Facebook page stating “Photo has been Moved.” Anyone who clicks “View Photo” obtains the malware file without even knowing it.
As soon as the file is executed, another browser window opens, showing either a harmless Myspace or Google page. But the malware remains active, invisibly, in the background. As soon as the user opens his Facebook account, the malware becomes active again and sends out new photo messages to all friends of the victim.
At the next Facebook login, the login page is blocked and the malware shows a “Scam Survey” message together with the link “Win an Apple product”.
If the user follows it, he ends up on a web page with advertisements or affiliate links.
A second variant shows the message “Today is our 6th Birthday!” as soon as Facebook is opened. If the user switches back to his login page, he sees “Your account has been suspended! The suspend will be released after 80 minutes. The suspend will be disabled only if you fill out one survey!” – Notice the grammar.
Of course, the account is not suspended; it is just a fake message from the malware, says Emsisoft. Again, the link does not lead to a survey but to the advertisement page!
“The latest variant is spread by the chat system of Facebook and shows that avoiding suspicious websites and only trusting (virtual) friends are not enough protection any more”, says Thomas Guenther, Emsi Software GmbH.