Facebook virus alert: Worm hidden in image of two blondes

A new worm is spreading on Facebook: once downloaded, it tempts the user into opening it by masquerading as a screensaver with a thumbnail image of two blonde women.

A new piece of malware is spreading across Facebook by leveraging either stolen account credentials or possibly a rogue app. This one is a worm that is being shared via malicious links on the social network, according to the Danish website CSIS, which listed the following domains as sources for the malware:

vinamost.net ferry.coza maximilian-adam.com bacolodhouseandlot.com servi ceuwant.com centralimoveisbonitoms.com.br weread.in.th villamatildabb.com fionagh-bennet-music.co.uk ukseikatsu.com bzoe-salzkammergut.at delicescolres.com dekieviten.nl

If one of your Facebook friends has had his or her account compromised, you may be tempted to click on a link seemingly posted by them. What appears to be a screensaver, with a thumbnail image of two blonde women, will be downloaded onto your computer.

This is in fact a worm: do not download it and do not open it. If you think you have been affected, please read Facebook virus or account hacked? Here's how to fix it.

When the file is opened, it attempts to download further malware, including a popular Trojan called Zeus. This type of malware can take over your computer and/or attempt to steal your banking information.

The malware's code is written in Visual Basic 6.0 and includes ways of tricking users on virtual machines. The source appears to be a compromised Israeli website, which is no longer hosting the file in question. Still, hackers can always use additional websites to continue spreading their malware.

As a general word of caution, don't click on everything your Facebook friends share on the social network. I have contacted Facebook to learn if it has blocked any unusual activity related to this latest worm and if it has any more information to offer.

Update: "Almost all of the domains listed in the article were already blocked by our mitigation efforts, however, we are constantly monitoring the situation and are in the process of blocking domains as we discovered them," a Facebook spokesperson said in a statement. "We have internal systems in place configured specifically to monitor for variations of the spam and are working with others across the industry to pursue both technical and legal avenues to fight the bug."

See also: