Rogue pornography links on the world’s most popular social network have reportedly infected over 110,000 Facebook users with a malware Trojan in just two days and it is still on the rise, a security researcher warned Friday.
The Facebook malware disguised as a Flash Player update and spreads itself by posting links to a pornographic video from the Facebook accounts of previously infected users. The malware generally tags as many as 20 friends of the infected user.
"In the new technique, which we call it 'Magnet,' the malware gets more visibility to potential victims by tagging the friends of the victim in the malicious post," said Mohammad Faghani, a senior consultant at PricewaterhouseCoopers, in a mailing list post to the Full Disclosure infosec hangout.
"A tag may be seen by friends of the victim's friends as well, which leads to a larger number of potential victims. This will speed up the malware propagation."
The malicious post will provide you a link to a porn video in one of your friend's posts. Once clicked, the malicious link will land you a website that will prompt you to quickly download and run a Flash update in order to play the video message purporting to be pornography.
Unfortunately, doing so will download a Trojan horse directly onto your computer system, allowing a malicious hacker to hijack your Keyboard and Mouse. By having control of victim’s keyboard and mouse, one can capture very useful information – like webmail and bank account passwords.
Once installed on a Windows PC, the malware collects the victim's data and tries to communicate with the server behind the filmver.com and pornokan.com domains for more instructions.
Faghani notes that the malicious file drops the chromium.exe, wget.exe, arsiv.exe and verclsid.exe executable files. In general, Chromium.exe is a generic dropper that probably downloads more malware to install, such as the keylogger, once it's running.
This new technique also enables the malware to keep a low profile, while also displaying itself publicly on your profile, and this is only the reason how the malware infected so many Facebook users just in two days.
The other embarrassing part of this is when your family and friends see that you have just liked and shared porn links on your wall.
In a statement, Facebook said, "We use a number of automated systems to identify potentially harmful links and stop them from spreading. In this case, we're aware of these malware varieties, which are typically hosted as browser extensions and distributed using links on social media sites."
In order to stop the wave of infections, Facebook is "blocking links to these scams, offering cleanup options, and pursuing additional measures to ensure that people continue to have a safe experience on Facebook."
To protect yourself from such type of malware infections, just avoid clicking rogue porn links on the social media sites, and when it’s Facebook, Don't do it ! Just Don’t !