Facebook malware attacks to date have largely consisted of getting user credentials via phishing sites and then spreading spam and additional phishing attempts. But a new worm is disseminating through Facebook that aims to install trojan software on a user’s machine.
The worm spreads when a compromised user’s account is used to send message to others with a title such as “LOL. You’ve been catched on hidden cam, yo:” and a link to a random URL. The linked website is a YouTube-like page that shows a video player along with what looks like a standard browser message to update your Flash installation. Clicking on the button begins a malware installation of a file called “codecsetup.exe.” We didn’t go so far as to install the software, but our guess is that it zombies your computer, installs a keylogger, and other fun stuff.
A nasty feature of the worm is that it takes the profile picture of the sending infected user and adds it to the linked website. This makes it all look much more legitimate for the potential victim. Facebook users are notoriously naive when it comes to security awareness, and a certain percentage of users will always end up falling for this kind of social hack. There’s little Facebook can do other than attempt to filter out the landing website in messages.
Screen shots below.