A Trojan that is currently spreading rapidly across the popular social network Facebook has infected more than 110,000 Facebook users in just two days. The malware spreads by posting a link to a pornographic video from the accounts of previously infected users. The malicious post tags more than 20 of the infected user's friends; if a tagged user clicks the link, the malware posts the link from the newly infected user's account and tags 20 more of that user's friends.
This lets the malware spread very quickly, because the malicious post is seen not only by the tagged users but also by their friends.
Security researcher Mohammad Faghani, who is conducting the initial investigation into this malware campaign, posted on the disclosure mailing list that the malware can manipulate keystrokes and mouse movement. One indicator of compromise is the presence of Chrome.exe in the Windows processes.
Faghani calls this new technique 'Magnet', because tagging the victim's friends in the malicious post makes the malware more visible to potential victims. In this case, the tag may be seen by friends of the victim's friends as well, which leads to a larger number of potential victims and speeds up the malware's propagation.
Faghani notes that when a user opens the link contained in the post, the video begins to play but then stops and asks the viewer to install a fake Flash player containing a Trojan downloader with the actual malware. As it runs, the fake Flash file drops the following executables: chromium.exe, wget.exe, arsiv.exe, verclsid.exe.
If you find a program named 'chromium.exe' running among the Windows processes on your system, it indicates that you have been infected. Faghani has so far published only some details about the malware, as his investigation is still in progress, and he will add a full disclosure soon.
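The process check described above can be scripted. The following is an added example, not code from Faghani or from this article: it triages a process listing exported with `Get-CimInstance Win32_Process | Select-Object Name,ProcessId,ExecutablePath | Export-Csv -NoTypeInformation` against the four dropped file names. The sample listing, its paths, the `triage` function and the handling of `verclsid.exe` in System32 are assumptions made for the example.

```python
import csv
import io
import ntpath

# File names the article lists as dropped by the fake Flash installer.
DROPPED_NAMES = {"chromium.exe", "wget.exe", "arsiv.exe", "verclsid.exe"}

# Assumption (not from the article): verclsid.exe is also the name of a
# Windows component that normally lives in the system directory, so a copy
# running from there is marked "review" instead of "suspicious".
SYSTEM_DIRS = (r"c:\windows\system32", r"c:\windows\syswow64")

# Constructed sample export; PIDs and paths are made up for illustration.
SAMPLE_CSV = r'''"Name","ProcessId","ExecutablePath"
"explorer.exe","1320","C:\Windows\explorer.exe"
"Chromium.EXE","4012","C:\Users\test\AppData\Roaming\chromium.exe"
"verclsid.exe","2288","C:\Windows\System32\verclsid.exe"
"verclsid.exe","5120","C:\Users\test\AppData\Roaming\verclsid.exe"
"wget.exe","5544",""
"chrome.exe","3000","C:\Program Files\Google\Chrome\Application\chrome.exe"
'''


def triage(csv_text):
    """Return (verdict, name, pid, path) for every process whose image
    name matches one of the dropped file names (case-insensitive)."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        name = (row.get("Name") or "").strip().lower()
        if name not in DROPPED_NAMES:
            continue
        path = (row.get("ExecutablePath") or "").strip()
        folder = ntpath.dirname(path).lower()
        if name == "verclsid.exe" and folder in SYSTEM_DIRS:
            verdict = "review"      # name matches, location is the normal one
        else:
            verdict = "suspicious"  # name matches, location unexpected or unknown
        findings.append((verdict, name, int(row["ProcessId"]),
                         path or "<path unavailable>"))
    return findings


if __name__ == "__main__":
    for verdict, name, pid, path in triage(SAMPLE_CSV):
        print(f"{verdict:10} pid={pid:<6} {name:14} {path}")
```

A file name alone is a weak indicator, so treat every hit as a prompt to inspect the binary's location and origin before drawing a conclusion.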