Facebook Virus

[Bluedot]

I recently spotted this on Facebook. Somebody pmed me saying "I got u surprise

Code:

hxxp:/REMOVED

via Facebook mobile. I decided to check it out. It redirected my to a webpage (

Code:

REMOVED/

) which was blank except in the centre where it was written "Download photoalbum". I clicked on it and found that it was a download link to a file called photo.exe which is around 712.5 KB in size. Apparently undetectable by my NIS 2011 real-time, it got 14 detections when I uploaded it to VirusTotal on suspicion. When I tried running the file, SONAR picked it up and deleted it.

VirusTotal reports HERE.

P.S. The above links are for informational purposes only. @Mods: If there's any problem with me posting the links here, please feel free to remove them.

[Neo]

thasts a very common way to spread trojan through FB

[7even]

14 of 43 (32.6%) told that it was a malware and Norton couldn't detect in real time. Wow!

[hellnoire]

Read about this virus a while back, one of the new cross platform ones. Still requires root/sudo under Linux.

Please next time, hxxp and quote it if you're linking. Thanks.

[Bluedot]

@hellnoire: Can you tell me where you read about the virus? I wanna read it too. And do I have to do hxxp for malicious links only or for all links?

[LunarWolf]

The site now redirects to a new site when the user click download a file name surprise.exe

Virustotal link : http://www.virustotal.com/file-scan/...a21-1293510261

ESET, Kaspersky and Norton didn't detect. Submitted to avast virus lab.

[Ceyfer √]

Just ignore it and hit the delete message button - problem solved. Most of the time this type of social engineering attack is usually needs user-assistance, ( user-assisted attacks ). No need to argue whether you AV detected it or not. It's not a Facebook virus, it does uses Facebook as a medium to disseminate those trojan agents, using its internal features and capitalizing on human's trust. Be vigilant! tc...

[Alboguy]

Let's report it on WOT guys!!

[Bluedot]

@ceyfer: Yes, one should hit the delete button. But I decided to download it. It helps when I'm testing anti-malware stuff..

[leofelix]

Links bringing to malware removed for security reasons.

Next time, go and report malware directly to antivirus vendors, please.

The security of our members is VERY IMPORTANT

no further links to malware will be tolerated

Thank you for understanding.

Thread closed