Zero Day

Ryan Naraine and Dancho Danchev

New malware attack circulating on Facebook

By | August 18, 2011, 6:06am PDT

Researchers from GData have intercepted a currently circulating Facebook malware attack that spreads via chat messages.

Messages used for spreading

  • “bist du das?? aaaaaahahahahaahahaha” (German for “is that you??”)
  • “hey is this your ex?? lol [LINK]”
  • “omg you look so cute [LINK]”

Once the user clicks on the shortened URL, he’s exposed to an executable file that looks like an image file. Upon clicking on the executable, a “Picture cannot be displayed” error message appears. In between, the malware is stored in the Windows %TEMP% folder and executed.

Users are advised to be extra vigilant when dealing with links found on Facebook.
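For defenders triaging a host after such a click, the following added example (not code from GData or from the original article) lists files whose name suggests a picture but whose content is a Windows PE executable. It assumes the disguise is visible in the file name, which the article does not specify; the function names and the sample files are constructed for illustration.

```python
import os
import tempfile

IMAGE_EXTS = {"jpg", "jpeg", "png", "gif", "bmp"}


def image_like_name(filename):
    """True if any dot-separated part after the base name is an image
    extension, e.g. 'photo.jpg' or 'photo.jpg   .exe' (padded double extension)."""
    parts = [p.strip() for p in filename.lower().split(".")[1:]]
    return any(p in IMAGE_EXTS for p in parts)


def is_pe(path):
    """True if the file starts with 'MZ' and its e_lfanew field (offset 0x3C)
    points at a 'PE\\0\\0' signature, i.e. it is a Windows executable."""
    with open(path, "rb") as fh:
        head = fh.read(0x40)
        if len(head) < 0x40 or head[:2] != b"MZ":
            return False
        fh.seek(int.from_bytes(head[0x3C:0x40], "little"))
        return fh.read(4) == b"PE\0\0"


def find_disguised_executables(directory):
    """Sorted names of files named like pictures whose content is a PE executable."""
    return sorted(e.name for e in os.scandir(directory)
                  if e.is_file() and image_like_name(e.name) and is_pe(e.path))


def write_constructed_samples(directory):
    """Constructed sample files: minimal headers only, no real code."""
    pe = b"MZ" + b"\0" * 0x3A + (0x40).to_bytes(4, "little") + b"PE\0\0"
    jpeg = b"\xff\xd8\xff\xe0" + b"\0" * 0x40
    samples = {"IMG_0001.jpg": jpeg, "IMG_0002.jpg.exe": pe,
               "IMG_0003.png": pe, "setup.exe": pe}
    for name, data in samples.items():
        with open(os.path.join(directory, name), "wb") as fh:
            fh.write(data)


if __name__ == "__main__":
    # On a real host, pass os.environ["TEMP"] or a downloads folder instead.
    with tempfile.TemporaryDirectory() as d:
        write_constructed_samples(d)
        print(find_disguised_executables(d))
```

A genuine installer such as `setup.exe` is not reported, because only the mismatch between an image-like name and executable content is flagged.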

Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, malware and cybercrime incident response.

Talkback Most Recent of 10 Talkback(s)

  • RE: New malware attack circulating on Facebook
    Why should I have to read the whole article just to find out my OS is NOT affected? Hence the reason for reading the article/posting.

    PS. It shouldn't be the last line in the article, but the first with a bullet point.
    Return_of_the_jedi
    18th Aug
  • RE: New malware attack circulating on Facebook
    @Return_of_the_jedi
    I don't see any reference to an OS in the article. I see a reference to Facebook.
    bobp@...
    18th Aug
  • RE: New malware attack circulating on Facebook
    @bobp@...
    "In between the malware is stored in the Windows %TEMP% folder and executed."
    *Windows* %TEMP% folder
    Read carefully.
    qjqqyy
    29th Aug
  • RE: New malware attack circulating on Facebook
    @Return_of_the_jedi
    The body of the article is nine lines. Took you quite a while to read, eh?
    notme403@...
    29th Aug
  • The sarcastic tone isn't needed
    While you don't specify your OS, I think it should be some Linux-based distribution. You Linux users are so proud, aren't you? Of course, who could be interested in writing some malware destined for a platform that is incapable of penetrating 1% of the desktop market share? Or even if you run Mac OS, there's no difference. Windows is targeted so much because it is the predominant desktop OS. It's pure logic that so much malware is designed for Windows.
    leonsk29
    2nd Sep
  • RE: New malware attack circulating on Facebook
    Nothing really new... I have seen this happening for months now... haven't you?
    babznme@...
    18th Aug
  • RE: New malware attack circulating on Facebook
    "Return_..." is right: in future, PLEASE LEDE WITH THE AFFECTED OS.

    If your point is that this COULD as easily be a Mac payload (which, yes, it could, but it's not, & since you can't detect the chat-recipient's OS or user-agent via FB chat it would be a waste of effort to make it a Mac payload), you should MAKE that point, which you don't.

    @bobp: It implicitly (also bad, it should be CLEAR) establishes that this is a Windows exploit -- not where they say the executable is stored.
    escoles@...
    20th Aug