Category: Computer Security Firm

A new Trojan malware infecting Skype video conferencing software may be used to spy on others – particularly in Syria, an electronic freedom group warned this week.

The Electronic Frontier Foundation (EFF) said the malware, “BlackShades Remote Controller,” sells online for $40 and may be targeting activists in Syria.

It said there is evidence to suggest that BlackShades, whose capabilities include keystroke logging and remote screenshots, may have been used by pro-government hackers.

“This malware is distributed via Skype. It is distributed in the form of a .pif file,” it said.

In the latest attack, a malicious link is sent that claims to be an important new video.

When clicked, it can compromise the victim’s account and send itself to people in the victim’s address book.

Source: GMA News Online

Facebook users got a heads up Tuesday against a new malware disguised as an email. This latest scam uses the network’s platform to try to trick users, asking them to confirm if they want to cancel their accounts.

According to Sophos, a computer security firm, the email provides a link to “confirm or cancel” the supposed request, but the link leads to a third-party app running on Facebook’s platform.

Sophos warned, “Of course, that means that the link *does* go to a facebook.com address – something might fool those who are not cautious”.

“And it seems they’re pretty insistent that you allow it. If you hit the ‘No thanks’ button they’ll just carry on pestering you to allow the Java applet to run,” said Sophos, which also acknowledged that the social engineering being used by the tricksters behind this malware attack is “pretty cunning.”

Source: Sophos

Not being able to separate real Facebook apps from fake ones is a serious hiccup. In a blog post, BitDefender said the bogus Facebook apps are duplicates of legitimate apps like “Lista de Verificación del Amante Ideal” and “Lista de Verificare pentru Iubit(a)” (Spanish and Romanian for “Girlfriend Checklist”).

“The apps are supposed to scan your Facebook contacts and list all the potential girlfriends/boyfriends among your friends. It also enables tagging so ‘potential candidates’ can be made aware of the (fake) app you’ve used.”

These duplicated applications behave the same as their original counterparts in terms of functionality, but when they detect mobile traffic they perform an HTTP 302 redirect to another link that is not Facebook-related.

When detecting an Android handset, the altered app redirects you to a random Google Play (Android marketplace) game that’s totally unrelated to what you were doing.

None of the analyzed Google Play apps have proven to be infected with malware, but the possibility of being redirected to some potentially malicious application or website should not be taken lightly.

Source: Hot For Security

A new worm is spreading on Facebook and instant messaging services, distributing a link that leads to a malicious file, a computer security firm warned this week.

Trend Micro said the malicious file, which contains the word “Facebook” in its name, poses as a zip file that contains an executable file.

“We recently received reports about private messages found on Facebook and distributing a link, which is a shortened URL pointing to an archive file ‘May09-Picture18.JPG_www.facebook.com.zip’. This archive contains a malicious file named ‘May09-Picture18.JPG_www.facebook.com’ and uses the extension ‘.COM’.” - Trend Micro

Once executed, this malware (detected as WORM_STECKCT.EVL) terminates services and processes related to antivirus (AV) software, effectively preventing AV software from detecting or removing the worm. WORM_STECKCT.EVL also connects to specific websites to send and receive information.

This worm also downloads and executes another worm, detected as WORM_EBOOM.AC, which is capable of monitoring an affected user’s browsing activity, such as message posting, deleted posted messages and private messages sent on websites such as Facebook, Myspace, Twitter, WordPress, and Meebo.

It is also capable of spreading through the mentioned sites by posting messages containing a link to a copy of itself.
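One way a mail or download filter could flag the naming trick described above, where the archive member ends in `.com` so the name reads like a web address while Windows treats it as an executable. This is an added example, not code from Trend Micro or the original post; the extension lists and function names are assumptions, and the sample archive is constructed with harmless content.

```python
import io
import zipfile

# Extensions Windows runs directly; .pif and .com are the two this page mentions.
EXECUTABLE_EXTS = {".com", ".pif", ".exe", ".scr", ".bat", ".cmd"}
# Media/document extensions often embedded in a name as a decoy (assumed list).
DECOY_EXTS = (".jpg", ".jpeg", ".png", ".gif", ".pdf", ".doc", ".avi", ".mp4")


def classify_name(name):
    """Return the reasons a file name looks like a disguised executable."""
    # Keep only the final path component; Windows ignores trailing dots/spaces.
    base = name.replace("\\", "/").rsplit("/", 1)[-1].rstrip(". ")
    lower = base.lower()
    dot = lower.rfind(".")
    ext = lower[dot:] if dot > 0 else ""
    if ext not in EXECUTABLE_EXTS:
        return []
    reasons = ["executable extension " + ext]
    stem = lower[:dot]
    if any(decoy in stem for decoy in DECOY_EXTS):
        reasons.append("decoy media/document extension inside the name")
    if ext == ".com" and stem.rsplit("_", 1)[-1].startswith("www."):
        reasons.append("name ends like a web address, hiding the .com extension")
    return reasons


def scan_zip(data):
    """Map each suspicious member of a zip archive (given as bytes) to its reasons."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            reasons = classify_name(info.filename)
            if reasons:
                findings[info.filename] = reasons
    return findings


def build_sample_zip():
    """Constructed sample: harmless text stored under the member name quoted above."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("May09-Picture18.JPG_www.facebook.com", b"placeholder, not malware")
        zf.writestr("notes/readme.txt", b"benign")
    return buf.getvalue()


if __name__ == "__main__":
    for member, reasons in scan_zip(build_sample_zip()).items():
        print(member, "->", "; ".join(reasons))
```

The scanner reads only the archive's member names, so nothing inside the archive is extracted or executed.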

Source: Trend Micro