12345

2/24/2012

[Warning]Malicious files are spreading through facebook chat window

1. Information

With a chat window of Facebook, malicious files are spreading in these days.
Malicious users typed malicious URL to induce user to click for download malicious file.
These shorten URL are used to spread malicious files and hard to be determined its malicious status before clicking.



2. Spreading path and symptoms of infection

This malicious file can be spread via chat window of facebook, and if infected, it spreads itself to victim's friend as a chat message. INCA Internet has gathered various variants of that malicious file and has completed to update.


User can download malicious file with clicking shorten URL.


When extracting downloaded ZIP file, we can see the malicious file(root file). If infected, the copied file(C:\WINDOWS\mdm.exe) of maliciuos file will try to connect to certain external site and will able to vulnerable on downloading additional malicious file.



Created file
- C:\WINDOWS\mdm.exe (195,072 bytes)

3. How to prevent

In case of this kind of malicious file can be spread itself widely with using chat box on Facebook. Besides, shorten URL cannot easily be determined whether malicious or not. Furthermore, malicious shorten URL can be used to spread malicious file on Android-based platform.

To use PC safely from security threats of these malicious attachments, we recommend you download latest security updates and obey following "Security management tips" for general users.

Security management tips

1. Maintain the latest security update on OS and applications
2. Use anti-virus SW from believable security company and keep updating the latest engine and using real time detecting function
3. Do not see and download attached file from suspicious e-mail.
4. Keep caution to link from instant messenger and SNS.

INCA Internet (Security Response Center / Emergency Response Team) runs responding system against various security threats.

◆ Diagnosis name
- Worm/W32.Fakefburl.180887
- Worm/W32.Fakefburl.195072
- Worm/W32.Fakefburl.141312

No comments:

Post a Comment