INCA Internet response team detected malicious files disguised as sent from Facebook. Facebook is a social networking service launched in February 2004, owned and operated by Facebook, Inc. As of June 2012, Facebook has over 955 million active users, more than half of them using Facebook on a mobile device. Security threats for SNS have been increased since the number of Facebook user has grown. Therefore, Facebook users need to understand these security threats and to be careful from attachment on e-mail. Because of social engineering, an understood to mean the art of manipulating people into performing actions or divulging confidential information, is consistently used, users need to be careful from malicious behaviors.
2. Spreading path
Spreading fake e-mails from Twitter or Facebook have been being found on uncertain interval. It's really classical, though, it is the strongest way to spread malicious files. Reported case on Aug. 28, 2012 is as following.
To create and propagate malicious files are very intelligent. Following image was sent from on Aug. 29, 2012. Besides, receiver's mail address is hidden.
Each e-mail contains malicious file as a ZIP form, which name is "New_Photo_with_You_on_Facebook_PHOTOIDJKG3JSP0.zip" and "Your_Friend_New_photos-updates_id929690899.zip".
Each ZIP file contains executable malicious file.
It contains "New_Photo_with_your_friend_on_Facebook.jpeg.exe", "Your_Friend_New_Photos-and-Updates.jpeg.exe". If a user checked to hide known extension name, .exe will be invisible.
Upon executed malicious file, it will create "svchost.exe" on "All Users" folder and perform malicious behaviors such as collecting or leaking device info.
INCA Internet response team added these patterns to our AVS, so users are needed to update latest version for being safe from these malicious files.
Spreading fake e-mails from Twitter or Facebook are really classical, though, it is the strongest way to spread malicious files. To
use PC safely from security threats of these malicious attachments, we recommend
you download latest security updates and obey following "Security management
tips" for general users.
Internet (Security Response Center / Emergency Response Team) runs responding
system against various security threats.
nProtect Anti-Virus/Spyware v3.0 diagnoses and treats
various variant files.
Free installation link of nProtect
AVS : http://avs.nprotect.com/