Facebook is still one of the most attacked sites on the web. This time hackers decided to make fun of computer users and send fake and malicious messages from the profiles of your friends.
If you have recently received a message with the following content: "Hello. I got you a surprise" plus a link to a blog on [something].blogspot.com, be aware that this is a scam and highly dangerous.
Several days ago, I got a message like this from a friend whose native language is Lithuanian, rather than English. The first thing that struck me was: why would he write to me in a different language? Isn't that awkward? That's why I decided to go to the link on my test computer rather than use my regular one.
Luckily, I was right and didn't click on the link on my regular PC. After visiting the link, I was redirected to another website which had a totally different address and opened as a blank page with the text "Download photoalbum."
Image 2. Redirection to Malicious Website
Aware that something suspicious was going on, I clicked on the link and an executable file, photo.exe, was put on my test PC. After clicking on the file, my antivirus software popped up a message: "Malware Object Detected."
It looks like the website is spreading Trojan.Waledac through the fake messages. According to VirusTotal, this file is recognized as malicious by 64% of antivirus software applications (take a look at the table below).
Antivirus | Alias Name |
--- | --- |
AhnLab-V3 | Trojan/Win32.ADH |
AntiVir | TR/Crypt.XDR.Gen |
Antiy-AVL | Worm/Win32.Koobface |
Avast | Win32:Rustock-AY |
Avast5 | Win32:Rustock-AY |
AVG | Cryptic.BHN |
BitDefender | MemScan:Trojan.Generic.5154826 |
Comodo | Heur.Suspicious |
Emsisoft | Spammer!IK |
eSafe | Win32.TRCrypt.Xdr |
F-Secure | MemScan:Trojan.Generic.5154826 |
GData | MemScan:Trojan.Generic.5154826 |
Ikarus | Spammer |
Jiangmin | TrojanDropper.FrauDrop.vm |
Kaspersky | Trojan-Dropper.Win32.FrauDrop.bkq |
McAfee | Generic.dx!vcv |
McAfee-GW-Edition | Artemis!8F8D10FAAABE |
Microsoft | Spammer:Win32/Fbphotofake.A |
NOD32 | a variant of Win32/Kryptik.IMG |
Norman | W32/Obfuscated.A2!genr |
nProtect | MemScan:Trojan.Generic.5154826 |
Panda | Trj/CI.A |
PCTools | Trojan.ADH |
Symantec | Trojan.ADH.2 |
VBA32 | Trojan.Inject.axig |
VIPRE | Trojan.Win32.Generic.pak!cobra |
VirusBuster | Trojan.Fbphotofake.C |
Table 1. Antivirus Vendors
The file has the MD5 hash 8f8d10faaabe124f2b68435a0be182fa and is 277995 bytes in size. Being a new malicious file, photo.exe might cause huge damage to the system.
So keep in mind that you should always use the latest version of your antivirus, and remember to be suspicious even of messages received from your friends.
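The chain described above (a blogspot.com link that redirects to a different site, which then serves an executable) can be hunted for in web proxy logs. The following is an added example, not part of the original article; the log format, host names, timestamps and the 60-second window are constructed assumptions.

```python
from datetime import datetime, timedelta
from urllib.parse import urlsplit

# Constructed proxy log (assumed format: ISO timestamp, client IP, URL).
SAMPLE_LOG = """\
2011-01-10T09:00:01 10.0.0.5 http://something.blogspot.com/
2011-01-10T09:00:03 10.0.0.5 http://downloads.example.net/index.html
2011-01-10T09:00:09 10.0.0.5 http://downloads.example.net/photo.exe
2011-01-10T09:05:00 10.0.0.7 http://something.blogspot.com/
2011-01-10T09:05:30 10.0.0.7 http://something.blogspot.com/feed.xml
2011-01-10T10:00:00 10.0.0.9 http://vendor.example.org/setup.exe
2011-01-10T11:00:00 10.0.0.8 http://something.blogspot.com/
2011-01-10T11:30:00 10.0.0.8 http://vendor.example.org/setup.exe
"""

WINDOW = timedelta(seconds=60)        # assumed correlation window
EXEC_EXT = (".exe", ".scr", ".pif")   # executable extensions to watch for


def parse(line):
    """Split one log line into (time, client, host, lower-cased path)."""
    ts, client, url = line.split()
    parts = urlsplit(url)
    return datetime.fromisoformat(ts), client, parts.hostname or "", parts.path.lower()


def find_lure_downloads(log_text, window=WINDOW):
    """Flag executable downloads from a non-blogspot host that follow a
    blogspot.com visit by the same client within `window`."""
    last_blog = {}   # client -> (time, host) of the most recent blogspot visit
    hits = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, client, host, path = parse(line)
        if host.endswith(".blogspot.com"):
            last_blog[client] = (ts, host)
        elif path.endswith(EXEC_EXT) and client in last_blog:
            seen, blog = last_blog[client]
            if ts - seen <= window:
                hits.append((client, blog, host, path))
    return hits


if __name__ == "__main__":
    for hit in find_lure_downloads(SAMPLE_LOG):
        print("suspicious download:", hit)
```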
source: http://www.pc1news.com/news/1620/do-not-open-i-got-you-a-surprise-message-on-facebook.html