Security researchers are warning of a new Facebook worm spreading quickly on the social networking platform by using stolen credentials to access the victim’s contact list.
The worm, described by Danish security firm CSIS as a classic Facebook attack, uses stolen credentials to spread via the victim’s contact list. The victim’s friends will see a .jpg file. Clicking on the file will open a malicious screensaver.
“Once run, it drops a cocktail of malicious files onto the system, including Zeus, a popular Trojan spyware capable of stealing user information from infected systems,” wrote Peter Kruse of CSIS.
The worm is written in Visual Basic 6.0 and includes code that helps trick users of virtual machines.
Kruse said the worm is continuing to actively spread because most antivirus programs are actively detecting the infection. In addition, the worm is collecting data about infected machines and offering up additional malware.
To protect against social networking worms, Facebook monitors user-generated content and detects traffic spikes from Web applications tied into its framework. Its systems can detect an unusual surge in messages sent in a short period of time, or messages with links that could potentially send users to attack websites. There’s no word on whether Facebook has blocked unusual activity tied to the latest worm.
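The kind of surge detection described above can be sketched as a sliding-window check over message events. This is an added example, not Facebook's system or code from the original article; the event layout, the 60-second window, the threshold of five distinct recipients and the sample events are all assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque

URL_RE = re.compile(r"https?://\S+", re.IGNORECASE)

def find_link_bursts(events, window_s=60, threshold=5):
    """Return {sender: timestamp of first alert} for senders who send
    link-bearing messages to at least `threshold` distinct recipients
    within `window_s` seconds (assumed values, tune per platform)."""
    recent = defaultdict(deque)   # sender -> deque of (timestamp, recipient)
    alerts = {}
    for ts, sender, recipient, text in sorted(events):
        if not URL_RE.search(text):
            continue              # only messages carrying a link are counted
        window = recent[sender]
        window.append((ts, recipient))
        # Drop events that have aged out of the sliding window.
        while window and ts - window[0][0] > window_s:
            window.popleft()
        fan_out = len({r for _, r in window})
        if sender not in alerts and fan_out >= threshold:
            alerts[sender] = ts
    return alerts

# Constructed sample events: (unix_ts, sender, recipient, text).
LINK = "look at this photo http://photos.example.invalid/img.jpg"
SAMPLE_EVENTS = (
    # alice: six link messages to six friends in 25 s (worm-like fan-out)
    [(1000 + 5 * i, "alice", f"friend{i}", LINK) for i in range(6)]
    # bob: fast but link-free chat, should not alert
    + [(1000 + 3 * i, "bob", f"pal{i}", "are you coming tonight?") for i in range(6)]
    # carol: five link messages spread over eight minutes, should not alert
    + [(1000 + 120 * i, "carol", f"mate{i}", LINK) for i in range(5)]
    # dave: five link messages to one recipient, no fan-out, should not alert
    + [(2000 + 4 * i, "dave", "erin", LINK) for i in range(5)]
)

if __name__ == "__main__":
    for sender, ts in find_link_bursts(SAMPLE_EVENTS).items():
        print(f"ALERT sender={sender} first_flagged_at={ts}")
```

Counting distinct recipients rather than raw message volume keeps a busy one-to-one conversation from triggering the alert while still catching contact-list fan-out.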