News

New Facebook worm poses as a screensaver

SearchSecurity.com Staff

Security researchers are warning of a new Facebook worm spreading quickly on the social networking platform by using stolen credentials to access the victim’s contact list.

    Requires Free Membership to View

Once run, it drops a cocktail of malicious files onto the system, including Zeus, a popular Trojan spyware capable of stealing user information from infected systems

Peter Kruse of CSIS

The worm, described by Danish security firm CSIS as a classic Facebook attack, infects users by using stolen credentials to spread via the victim’s contact list. The victim’s friends will see a .jpg file. Clicking on the file will open a malicious screensaver.

“Once run, it drops a cocktail of malicious files onto the system, including Zeus, a popular Trojan spyware capable of stealing user information from infected systems,” wrote Peter Kruse of CSIS.

The code is developed in Visual Basic 6.0 and contains code that helps trick users of virtual machines.

Kruse said the worm is continuing to actively spread because most antivirus programs are actively detecting the infection. In addition, the worm is collecting data about infected machines and offering up additional malware.

To protect against social networking worms, Facebook monitors user-generated content and detects traffic spikes from Web applications tied into its framework. Its systems can detect an unusual surge in messages sent in a short period of time, or messages with links that could potentially send users to attack websites. There’s no word on whether Facebook has blocked unusual activity tied to the latest worm.


There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: