Concerned about VPN vulnerabilities? Learn how you can benefit from our VPN migration offer including 60 days free service.

Zscaler Blog

Get the latest Zscaler blog updates in your inbox

Subscribe
Security Research

Trojan Infection Through Facebook

image
THREATLABZ
March 08, 2011 - 1 min read

It’s no surprise to see Facebook becoming a primary focus for spreading malware. Attackers are leveraging Facebook as a means of reaching end users, delivering links in order to convince victims to click on them. The links deliver malware that allow attackers to access sensitive information or take control of a voctim machine, Recently, I found such an incident where Facebook was used to spread a known Trojan.

The victim usually gets a message containing a malicious link which looks like:

Image

 

Visiting link redirects user to the following page:

Image

The above page delivers a binary called “surprise.exe”. Virustotal shows most common antivirus engines flag it as known Torjan Dropper. If you accidentally execute “surprise.exe”, the victim machine prompts with the following message:

Image

Currently no malware is hosted on the site “facebook-surprise-nmsk.tk”. But its not guaranteed that it will remain in same state. Report from “ scumware.org” shows different domains used to spared this malware.All the different domains were registered with same ip. DNS lookup for the ip 89.187.53.64 can found here.

Image

This clearly shows how attackers are taking advantage of power of social networking to spread malware. Always make sure the links are safe before clicking on them.

Pradeep

form submtited
Thank you for reading

Was this post useful?

dots pattern

Get the latest Zscaler blog updates in your inbox

By submitting the form, you are agreeing to our privacy policy.