ScamSniper Shared :Watch out for chat messages with links pointing to photo albums. Koobface variant maybe attached

Update: 03-05-2011
There have been quite a few reports of facebook users receiving chat messages with links which lead to malware downloads. The messages claim to lead to photos, but once a user clicks the link they are required to download an (.exe) or “executable” file named “facebook-pic{Numbers}.exe“. Remember, never follow the links given in unsolicited messages sent to you via facebook chat or email. Please take the time to read and share the information below.
Example Chat messages:
hey can i post this picture on my fb page? :)) + Link
Morning I love your pic + Link

More Information:
Virus Application Warning – I like your Picture :O) – Spammed in chat

Update: 02-18-2011
Security researchers at F-Secure have issued a warning to all facebook users in regards to chat messages containing links which lead to phishing websites. Users may receive links via chat which look like they lead to applications on the facebook platform. Example links below.

—-Example Links—
—-Example Links—
Although these links look like they lead to pages within the facebook platform, once a user takes the bait and clicks one, they are redirected to external fake Facebook login pages and asked to had over their account login information. If you are using facebook chat and receive a link similar to the ones shown above don not click on it.
Full F-Secure Report – Another Facebook Phishing Scam Run
Update: 02-14-2011
There have been quite a few reports of facebook users receiving the message: “you look innocent in this picture“,  via facebook chat. The message also contains an attached link and seems to be sent from multiple people within the users friends list. Unfortunately no one has provided the exact link given in the message, so I have no idea what malicious content the link may point to. For now, please use the related reports below as general warning to be cautious of any such messages. Remember, never follow the links given in unsolicited messages sent to you via facebook chat or email. Please take the time to read and share the information below.

Update: 02-01-2011

If you use facebook chat, watch out for messages from friends, containing links which claim they have won some type of prize and that you can too. The messages and links are more then likely not from the friend and lead to survey scams. Read more below.
Full Report – WARNING: Beware Of Chat Hijackers
Note: If your friends appear to send you links via chat messages, but then tell you they didn’t send you any messages or links because they were not online at the time, advise them to run a full virus scan on their computer immediately. Then also let them know they should change their password once they confirm their computer is virus free.

Update: 01-25-2011
Via the Sunblet GFI Labs Blog.
User should still be extremely cautious of any links sent to them unsolicited via chat, which claim to point to photos. This particular malware has been floating around on facebook for a few weeks. Some users have stated that they have come across links to this malware on their walls or in the news feed. Read more at the link provided.

Phony Facebook Photos lead to malware

Original Break:

Facebook users should be extremely cautious of any links sent to them by their friends via chat. Researcher have spotted a new worm, very similar to the Koobface, circulating on facebook via this method, today. Be advise this new worm also contains Yahoo! IM and IRC capabilities, meaning it can be spread via those client’s as well.
Intended victim may receive a chat message with an attached link, from a friend, asking them to view a photo album. The link may point to an address, however if you make the mistake of clicking the link you will not be taken to the normal Facebook application install screen. You will instead be taken to a facebook page which states the  “Photo has been move” and that you need to click a “View Photo” button to see the photo. If you click the button you will be immediately prompted to download a file named “Facebookphotos###.exe“.


Note: It is very important that you do not follow any links sent to you in this manner. As the report states the malware may actually download to your computer by just visiting the page. There may actually be no further interaction necessary on your part, once you’ve clicked the link. Also be aware the link may not be from your friend, but instead from the koobface malware itself, because the friends computer may already be infected with the worm.
More Info Via The Sophos’s Blog Naked Security
Facebook photo album chat messages spreading Koobface worm
The Koobface Worm
Koobface is a computer worm that targets users of the social networking websites. It name is an anagram of facebooklinux systems. Once it is installed, it will attempt to gather login information for FTP sites, Facebook, and other social media platforms, but not any sensitive financial data. It then tries to spread itself via the infected computer, to the friends of it’s victim, though their social networking accounts. If a users computer is infected, their friends will receive links in messages from them, and if the friends follow the links, they are normally taken to third-party websites and prompted to download a file which will infect them as well.
Damage Control For those who have fell victim. )
If you believe you have fell victim to the Koobface worm, you need to clean your computer of the infection immediately. This will stop it from stealing any more of your data and to prevent it from spreading to any of your friends. I suggest you check your current Anti-Virus software to make sure it is up to date and functioning properly. Then you should run a full virus scan on your system with it. If you do not have Anti-Virus Software on your system, there is a list of FREE ONLINE VIRUS SCANNERS available at the link below. ( I suggest you check your system with at least 2 of those and then install and run a scan with Malwarebytes Anit-Malware, (Free Version), to clean any further infections the Anti-virus scanners may have missed. ( Also available at the link below.)
Stay Virus Free

Leave a Comment and Share to Facebook


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: