Beware of Two new malicious codes using Facebook

Facebook users Beware! Just as 2010, the first month of 2011 is again seeing cyber crooks use Facebook to succeed in their evil designs.

According to Panda security, in the last three days two new malicious codes using Facebook have been discovered.

Here is a brief description of the two:

1) Asprox.N, is a Trojan that reaches potential victims via email. It deceives users by telling them that their Facebook account is being used to distribute spam and that, for their security, the login credentials have been changed. It includes an attached fake Word document supposedly containing the new password.

Panda reports that the email attachment has an unusual Word icon, and is named Facebook_details.exe. This file is really the Trojan which when run, downloads a .doc file that runs Word to make users think the original file has opened.

The Trojan, when run, downloads another file designed to open all available ports, connecting to various mail service providers in an attempt to spam as many users as possible.

2) Lolbot.Q, is distributed across IM applications such as MSN and Yahoo!, displaying a message with a malicious link. This link downloads a worm designed to hijack Facebook accounts and prevent users from accessing them. If users then try to login to Facebook, a message appears informing that the account has been suspended and that to reactivate them they must complete a questionnaire, with the offer of prizes –including laptops, iPads, etc.– to encourage users to take part.

After several questions, users are asked to enter their cell phone number, where they will receive data download credits for a cost of R83 a week. On subscribing to the service, victims will receive a password with which they can recover access to their Facebook account.


As seen, in the two malicious codes, the crooks are not only using Facbook’s massive network to achieve their objectives, but also designing their campaigns in such a way that they appear genuine. Like, taking cue from Facebook’s recent efforts to trying to monetize user actions like “Likes”, rolling out new ad format, launching Facebook Deals etc. they are showing laptop offers on the login page itself. In the first trozan they are trying to take advantage of Facebook’s current focus on security.

In short these people are much faster in updating themselves and their creations; so that every campaign hits the basic thought process of users.

PandaLabs advises all users to be wary of any messages with unusually eye-catching subjects, whether via email or IM or any other channel; and to be careful when clicking on external links in Web pages. The security software maker, also warns users not to enter any personal data in applications attempting to sell any type of test. --------

No comments