The new Trojan hunts on users of Facebook, Twitter and Google+

Posted: May 16, 2013 in IT Security News
Tags: , , , , , ,

Doctor WebThe company “Dr Web” found a previously unknown functionality in the new malicious program for Facebook.

Trojan.Facebook.311 can not only publish the name of the new user’s status, join groups, post comments, but spamming social networks Twitter and Google Plus.

Trojan Trojan.Facebook.311 is written in JavaScript language for popular web browsers Google Chrome and Mozilla Firefox. Attackers are spreading Trojan using social engineering techniques – unwanted programs to access the system using a special application installer that masquerades as a “security update for watching videos.” It is noteworthy that the installer is digitally signed by the company Updates LTD, owned by Comodo. Add-ins are called Chrome Service Pack and Mozilla Service Pack respectively. In order to spread malicious Trojan created a special page on the Portuguese language, focused, most likely, on the Brazilian users of Facebook.

After the installation is completed at the time of launching the browser Trojan.Facebook.311 tries to load a file from a malicious server with a set of commands. Then embedded in a malicious browser plug-ins awaiting the moment when the victim will authorize the social network Facebook. The Trojan can perform on behalf of the user for actions arising in the configuration file contained malicious commands: put a “Like” publish status, place it on the user’s wall post, join a group, comment on the news, to invite people from your contact list or group of victims in an a message to them. In addition to this, the Trojan can team attackers periodically download and install new versions of plug-ins, as well as interact with the social networks Twitter and Google Plus, in particular, to send spam.

Recently Trojan.Facebook.311 was seen in the proliferation of Facebook messages containing an image that mimics the built-in browser media player. When you click on it redirects the user to a variety of scams resources. Similarly by means of personal messages and the statuses the Trojan advertizes roguish quizes in which allegedly it is possible to win various valuable prizes.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s