Zscaler Blog

Get the latest Zscaler blog updates in your inbox

Security Research

Trojan Infection Through Facebook

March 08, 2011 - 1 min read

It’s no surprise to see Facebook becoming a primary focus for spreading malware. Attackers are leveraging Facebook as a means of reaching end users, delivering links in order to convince victims to click on them. The links deliver malware that allow attackers to access sensitive information or take control of a voctim machine, Recently, I found such an incident where Facebook was used to spread a known Trojan.

The victim usually gets a message containing a malicious link which looks like:



Visiting link redirects user to the following page:


The above page delivers a binary called “surprise.exe”. Virustotal shows most common antivirus engines flag it as known Torjan Dropper. If you accidentally execute “surprise.exe”, the victim machine prompts with the following message:


Currently no malware is hosted on the site “facebook-surprise-nmsk.tk”. But its not guaranteed that it will remain in same state. Report from “ scumware.org” shows different domains used to spared this malware.All the different domains were registered with same ip. DNS lookup for the ip can found here.


This clearly shows how attackers are taking advantage of power of social networking to spread malware. Always make sure the links are safe before clicking on them.


Explore more Zscaler blogs

A cyber criminal shopping for malware
Agniane Stealer: Dark Web’s Crypto Threat
Read Post
Business people walking through a city
The Impact of the SEC’s New Cybersecurity Policies
Read Post
Digital cloud illuminated in blue
Security Advisory: Remote Code Execution Vulnerability (CVE-2023-3519)
Read Post
The TOITOIN Trojan: Analyzing a New Multi-Stage Attack Targeting LATAM Region
Read Post
01 / 02
dots pattern

Get the latest Zscaler blog updates in your inbox

By submitting the form, you are agreeing to our privacy policy.