Facebook Account Hacked with Ads for "Magic Diet Pill" on User's Profile Page


   Recently, Baidu Antivirus has intercepted a new type of Facebook virus, "Trojan.Win32.Febipos", currently spreading through Facebook. So far, we have discovered three variants of the virus and it has affected around 80,000 users. According to reports, after this virus infects a user's computer, it disguises itself as a "Chrome Storage Pack" plugin and hides in the Chrome browser. When the user uses Facebook, it monitors Facebook and waits for an opportunity to send tempting weight-loss ads, as shown below:

   Facebook is an extremely popular social networking site and a great many users use it to locate interesting information. This new type of Facebook virus sends weight-loss ads that appeal to female users' desire to lose weight, with the intent to lure them to a certain website that sells diet pills. 

   A warning from Baidu Antivirus security experts: This new type of Facebook virus can hijack users' Facebook accounts and use them to send ads. It currently only targets Facebook users in the Brazil area. After infection, this virus takes over a user's Facebook account and, through acloud, receives a series of commands that control its advertisement activities. It may post unwelcome ads on a user's Facebook profile page. According to Baidu Antivirus Cloud statistics, this new type of virus was first discovered on October 26th and spread rapidly on the 27th. Then, after a period of low activity, it began to spread again on November 3rd.  


   According to Baidu Antivirus security experts, the growing popularity of Facebook has caused a gradual increase in new viruses that target Facebook. Users must regularly update their security software to avoid this risk. Currently, Baidu Antivirus users can prevent this type of Facebook virus from infecting their computers by simply enabling real-time protection. It is recommended that the other users download the latest version of Baidu Antivirus and enable the real-time protection feature. This will prevent viruses from hijacking their Facebook profile pages.

   Analysis by Baidu Antivirus security experts has shown that these Facebook viruses can be extremely deceptive. They use many tricks to get users to download and install them.

   They may use the official Facebook logo as their programicon

   They may disguise themselves as Facebook Video plugins

   The virus installation process may be disguised as a"Facebook Update" prompt

   Baidu Antivirus reminds users:

   (1) We suggest that users who have encountered strange problems with their Facebook profile pages check their App settings under personal settings, check for suspicious apps, check for suspicious Chrome or Firefox plugins (especially third-party extensions), and regularly change their Facebook passwords.

   (2) When watching a video on Facebook, be wary of the webpages that ask you to download video plugins. This will prevent infection from fake plugins.