New Facebook worm spreading

Summary:Researchers from the Danish security firm CSIS, have intercepted a currently spreading Facebook worm.

Researchers from the Danish security firm CSIS, have intercepted a currently spreading Facebook worm.

The worm spreads by sending direct messages using the privileges of the already logged in user. The message looks like an image file, whereas in reality it has an executable .scr screensaver extension.

Upon execution, the sample drops a ZeuS crimeware variant on the infected host. The malware is hosted on compromised web servers across the globe.

The sample -- very limited detection rate -- is currently detected as Win32.HLLW.Autoruner.52856 and Heure: Trojan.Win32.Generic.

Topics: Social Enterprise, Security

About

Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, and cybercrime incident response. He's been an active security blogger since 2007, and maintains a popular security blog sharing real-time threats intelligence data with the rest of the community... Full Bio

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.