Account-hijacking Trojan spreads via Facebook messages
Posted on 12.03.2014
Private messages delivering what seems to be an image are spreading like wildfire on Facebook, as the file in question triggers the download of a Trojan that compromises the victims' computer and Facebook account to spread the malware further.

The infection chain starts like this: the victim sees the message from a friend that simply states "LOL" and includes the "image":

Unfortunately, the ZIP file in question contains a Java JAR file of the same name that, when run, downloads the actual malware from a remote Dropbox account.

The two aforementioned files are not malicious per se, but the third one is - it's a Trojan that injects itself into legitimate processes currently running on the victimsí system.

According to Malwarebytes' Adam Kujawa, it's still unkown what the Trojan does except compromise the victims' Facebook account, but if we go by the results on VirusTotal, it could be a variant of the infamous Zusy banking Trojan.

"The origin of the threat is also currently under investigation however some of the text found within the Java file leads us to believe it was developed by someone who speaks Greek," noted Kujawa.

Users are advised not to open automatically similar files received from Facebook friends, but to ask them first if they were the ones who sent it.

"If they donít respond or they say ĎI dunno, I didnít send thatí then go ahead and suggest your friend run an AV scan and change their Facebook passwords, in that order," he advises.

The malware affects only computers running Windows, so if you accessed your Facebook account and tried to open the file via your mobile phone or Mac, you're in the clear.


Using Hollywood to improve your security program

Posted on 29 July 2014.  |  Tripwire CTO Dwayne Melancon spends a lot of time on airplanes, and ends up watching a lot of movies. Some of his favorite movies are adventures, spy stuff, and cunning heist movies. A lot of these movies provide great lessons that we can apply to information security.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.


Wed, Jul 30th