ScamSniper Shared : Watch out for chat messages with links pointing to photo albums. Koobface variant maybe attached – Updated


Update: 03-19-2011 ( Extended To 03-24 )
There have been quite a few reports of facebook users receiving chat messages with links which lead to malware downloads, Phishing Websites, Rogue Apps, Like-Jacks and other malicious elements. The text of the messages will vary, but they are all received unsolicited via friends who have installed rogue apps or have had their accounts compromised in some other fashion.  Remember, never follow the links given in unsolicited messages sent to you via facebook chat or email. Please take the time to read and share the information below.
Note 1: If your friends appear to send you links via chat messages, but then tell you they didn’t send you anything because they were not online at the time, advise them to run a full virus scan on their computer immediately. They should also change their password once they confirm their computer is virus free and they should take the time to check the apps they have installed on their facebook profile. 
Note 2: Some facebook users have reported that the applications associated with certain links they have received via chat appear to change their names. EG, A friend sends you a unsolicited link, you click it and it takes to different Rogue App each time or for each new install of the rogue app the bait message and link appear different. This is known as a type of Fast Flux spam campaign. The bait messages, links and rogue apps are designed to rotate or change for each new victim in effort to keep the spam circulating longer. You can read more about these types of spam campaigns at the links provide in the Additional Resources Section below..
Additional Resources
Facebook Survey Scammers Adopt Fast Flux Techniques

http://news.softpedia.com/news/Facebook-Survey-Scammers-Adopt-Fast-Flux-Techniques-182447.shtml


Fast-Flux Facebook Application Scams
http://www.symantec.com/connect/blogs/fast-flux-facebook-application-scams

Staying Virus Free ( Resource For Virus Scanning and Account Clean up )

Keeping Your Accounts Safe ( Resource – How To Keep Your Accounts safe)


Example Chat messages to Avoid:
hey i uploaded your picture.  + Link
OMG: This girl killed herself after her FATHER posted this message on her wall: + Link 
I Like Your Picture. +Link
I just took this cool quiz, You should try it too. +Link
This is a awesome app. Check it out! +Link
Cool, You can see who deleted you with this. +Link

Yo, you were one of my first three friends on FB. Was I one of yours…” +Link
99 Percent of People Cant stop laughing at this video +Link ( Like-Jacking )



Update: 03-05-2011
There have been quite a few reports of facebook users receiving chat messages with links which lead to malware downloads. The messages claim to lead to photos, but once a user clicks the link they are required to download an (.exe) or “executable” file named “facebook-pic{Numbers}.exe“. Remember, never follow the links given in unsolicited messages sent to you via facebook chat or email. Please take the time to read and share the information below.
Example Chat messages:
hey can i post this picture on my fb page? :)) + Link
Morning I love your pic + Link


More Information:
Virus Application Warning – I like your Picture :O) – Spammed in chat

http://thebulldogestate.blogspot.com/2011/03/virus-application-warning-i-like-your.html

Update: 02-18-2011
Security researchers at F-Secure have issued a warning to all facebook users in regards to chat messages containing links which lead to phishing websites. Users may receive links via chat which look like they lead to applications on the facebook platform. Example links below.

—-Example Links—
—-Example Links—
Although these links look like they lead to pages within the facebook platform, once a user takes the bait and clicks one, they are redirected to external fake Facebook login pages and asked to had over their account login information. If you are using facebook chat and receive a link similar to the ones shown above don not click on it.
Full F-Secure Report – Another Facebook Phishing Scam Run
Update: 02-14-2011
There have been quite a few reports of facebook users receiving the message: “you look innocent in this picture“,  via facebook chat. The message also contains an attached link and seems to be sent from multiple people within the users friends list. Unfortunately no one has provided the exact link given in the message, so I have no idea what malicious content the link may point to. For now, please use the related reports below as general warning to be cautious of any such messages. Remember, never follow the links given in unsolicited messages sent to you via facebook chat or email. Please take the time to read and share the information below.

Update: 02-01-2011
Via Allfacebook.com

If you use facebook chat, watch out for messages from friends, containing links which claim they have won some type of prize and that you can too. The messages and links are more then likely not from the friend and lead to survey scams. Read more below.
Full Report – WARNING: Beware Of Chat Hijackers
Note: If your friends appear to send you links via chat messages, but then tell you they didn’t send you any messages or links because they were not online at the time, advise them to run a full virus scan on their computer immediately. Then also let them know they should change their password once they confirm their computer is virus free.

Update: 01-25-2011
Via the Sunblet GFI Labs Blog.
User should still be extremely cautious of any links sent to them unsolicited via chat, which claim to point to photos. This particular malware has been floating around on facebook for a few weeks. Some users have stated that they have come across links to this malware on their walls or in the news feed. Read more at the link provided.

Phony Facebook Photos lead to malware
http://sunbeltblog.blogspot.com/2011/01/phony-facebook-photos-lead-to-malware.html

Original Break:

Facebook users should be extremely cautious of any links sent to them by their friends via chat. Researcher have spotted a new worm, very similar to the Koobface, circulating on facebook via this method, today. Be advise this new worm also contains Yahoo! IM and IRC capabilities, meaning it can be spread via those client’s as well.
Intended victim may receive a chat message with an attached link, from a friend, asking them to view a photo album. The link may point to an app.facebook.com address, however if you make the mistake of clicking the link you will not be taken to the normal Facebook application install screen. You will instead be taken to a facebook page which states the  “Photo has been move” and that you need to click a “View Photo” button to see the photo. If you click the button you will be immediately prompted to download a file named “Facebookphotos###.exe“.


Example


Note: It is very important that you do not follow any links sent to you in this manner. As the report states the malware may actually download to your computer by just visiting the page. There may actually be no further interaction necessary on your part, once you’ve clicked the link. Also be aware the link may not be from your friend, but instead from the koobface malware itself, because the friends computer may already be infected with the worm.
More Info Via The Sophos’s Blog Naked Security
Facebook photo album chat messages spreading Koobface worm
The Koobface Worm
Koobface is a computer worm that targets users of the social networking websites. It name is an anagram of facebooklinux systems. Once it is installed, it will attempt to gather login information for FTP sites, Facebook, and other social media platforms, but not any sensitive financial data. It then tries to spread itself via the infected computer, to the friends of it’s victim, though their social networking accounts. If a users computer is infected, their friends will receive links in messages from them, and if the friends follow the links, they are normally taken to third-party websites and prompted to download a file which will infect them as well.
Damage Control For those who have fell victim. )
If you believe you have fell victim to the Koobface worm, you need to clean your computer of the infection immediately. This will stop it from stealing any more of your data and to prevent it from spreading to any of your friends. I suggest you check your current Anti-Virus software to make sure it is up to date and functioning properly. Then you should run a full virus scan on your system with it. If you do not have Anti-Virus Software on your system, there is a list of FREE ONLINE VIRUS SCANNERS available at the link below. ( I suggest you check your system with at least 2 of those and then install and run a scan with Malwarebytes Anit-Malware, (Free Version), to clean any further infections the Anti-virus scanners may have missed. ( Also available at the link below.)
Stay Virus Free

Leave a Comment and Share to Facebook

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: