Concerned about VPN vulnerabilities? Learn how you can benefit from our VPN migration offer including 60 days free service.

Zscaler Blog

Get the latest Zscaler blog updates in your inbox

Security Research

Trojan Infection Through Facebook

March 08, 2011 - 1 min read

It’s no surprise to see Facebook becoming a primary focus for spreading malware. Attackers are leveraging Facebook as a means of reaching end users, delivering links in order to convince victims to click on them. The links deliver malware that allow attackers to access sensitive information or take control of a voctim machine, Recently, I found such an incident where Facebook was used to spread a known Trojan.

The victim usually gets a message containing a malicious link which looks like:



Visiting link redirects user to the following page:


The above page delivers a binary called “surprise.exe”. Virustotal shows most common antivirus engines flag it as known Torjan Dropper. If you accidentally execute “surprise.exe”, the victim machine prompts with the following message:


Currently no malware is hosted on the site “”. But its not guaranteed that it will remain in same state. Report from “” shows different domains used to spared this malware.All the different domains were registered with same ip. DNS lookup for the ip can found here.


This clearly shows how attackers are taking advantage of power of social networking to spread malware. Always make sure the links are safe before clicking on them.


form submtited
Thank you for reading

Was this post useful?

dots pattern

Get the latest Zscaler blog updates in your inbox

By submitting the form, you are agreeing to our privacy policy.