PDA

View Full Version : Another malware spreading via Facebook Chat



Win2Win
21st March 2011, 07:21
Is there another worm or malware spreading through Facebook? For the last two days, I’ve been receiving chat messages from my online friends about an app that allegedly gauges how ‘addicted’ someone is. Addicted to who or what, it’s any body’s guess for now, but the message includes a shortened URL using the Bit.ly service. [...]



Is there another worm or malware spreading through Facebook? For the last two days, I’ve been receiving chat messages from my online friends about an app that allegedly gauges how ‘addicted’ someone is. Addicted to who or what, it’s any body’s guess for now, but the message includes a shortened URL using the Bit.ly service. Check out the screenshot on the right. There’s another version of this suspicious message that says:


WTF: G1RL made suicide after her DAD posted THIS mess@ge on her wa11::[shortened URL here]

http://images.jrocas.com.ph/wp-content/uploads/2011/03/Facebook_chat_worm.jpgCurious but cautious, I looked for a way to reveal the long URL hidden behind the shortened URL included in the message.

After some Googling around, I found RevealURL.com (http://www.revealurl.com/?page=home) which basically allows anyone to expand the shortened URLs they have to see what the actual long link is without actually navigating to that link.

That shortened URL was revealed to be pointing to a page on the domain spursoland dot info. I checked again using the same service, but this time it revealed a different domain, aclebite dot info. So it means that what or whoever generates the shortened URLs draws its source from a list of domains that are redirected to a suspicious-looking Facebook app which I would get to later on.

Again, curious as to what could be in that site, I used AVG’s Online Web Page Scanner (http://www.avgthreatlabs.com/sitereports/) to check if the site contained any malicious code or malware as is common with this suspicious messages and websites.

AVG said that the site spursoland dot info was ‘safe and clean’ I took the great risk of visiting the URl in Chrome’s Incognito mode to try to see where it will lead. It redirected me to a Facebook app called ‘spursoland’ or ‘aclebite’ which is clearly looks like something not to be trusted.

http://images.jrocas.com.ph/wp-content/uploads/2011/03/Suspicious-FB-App.jpg Be careful with this app page. It means trouble.


Clearly, the messages was designed to lure or trick Facebook users into visiting the suspicious app and liking it. From then on I don’t know what will happen next, but probably, the Facebook app will lead users to a website containing more malware that will either infect their PC or attempt to steal some private information like contact’s email addresses, credit card information etc.

The important thing to remember here is, DO NOT CLICK on the links your friends share with you via chat the instant you receive them. Take time to pause and read carefully the whole message. You would immediately sense if something is odd with the message, especially if it seems to be out of the ordinary that your friend would suddenly message you with this particular topic which you know isn’t really one of his or her interests.

The best way to deal with this kind of chat messages is to send a private message to your friend and tell them you ‘received‘ that message from them. If it was automatically sent without their knowledge, then they’d also be surprised to know that the message was sent from their account. It would also be solid proof that their PC has been compromised by malware. So doing an anti-virus scan is needed to fix it. It’s also a good move to change the current password on their social networking account, in this case their Facebook account to help avoid a repeat of this problem.

If you would be curious as to see where the suspicious shortened URLs lead to, you can use online tools, like the ones I’ve mentioned above, to check it out first before opening the link on your browser. But still, it’s best that you do not open the links at all. Hackers and spammers nowadays are targeting social networking sites like Facebook more and more because of their ever growing size and popularity.

http://jrocas.com.ph/0838b5e6/4ad0dea1/FeedBlitz/1.0 (7 subscribers).gif

Facebook to launch its own third-party commenting system (http://jrocas.com.ph/archives/facebook-to-launch-its-own-third-party-commenting-system/) (1)
Easy Pasaload with Smart’s Facebook Pasaload App (http://jrocas.com.ph/archives/easy-pasaload-with-smarts-facebook-pasaload-app/) (4)
Path: Social network that limits your friends to 50 (http://jrocas.com.ph/archives/path-social-network-that-limits-your-friends-to-50/) (3)
Did Google Over-react to Facebook Messages? (http://jrocas.com.ph/archives/did-google-over-react-to-facebook-messages-project-titan/) (1)
Why I “Unlike” the Official P-Noy Facebook Fan Page (http://jrocas.com.ph/archives/why-i-unlike-the-official-p-noy-facebook-fan-page/) (6)


Content from... (http://jrocas.com.ph/archives/another-worm-spreading-via-facebook-chat/)

grahamw48
21st March 2011, 11:45
Good info'.
Thanks. :xxgrinning--00xx3:

ampy
21st March 2011, 20:33
:xxgrinning--00xx3: thanks for the info...i am having all sorts of trouble for many days now,

Englishman2010
21st March 2011, 21:30
I dont use the chat facility on FB anyway. One thing that does annoy me is my Andoid FB app on my phone, if I log into FB on my phone it automatically opens up the chat facility, which I can only close down by logging into FB via HTC's own FB App or my PC

raynaputi
21st March 2011, 21:33
i don't go online in FB chat either..it's annoying..

simpleHeart
22nd March 2011, 02:12
you could see it on nakedsecurity.com it is all about the malware,scam spreading in facebook. if you will click on it, it will spread out on your facebook friend getting the same message, and will get all your personal information and used it to scam..lately it was the winning of an ipad!!!It was all virally virus!!!:yikes: