News

Another Facebook Scam: A Worm Disguised as Sex Photos

2015-04-01

Cybercriminals are experts at using Facebook and other social networks to rapidly spread viruses. Sometimes, all it takes is a little bit of tempting content and a link. People take the bait, and the virus spreads like wildfire across the Internet. That’s exactly what’s happening in the case of a recent worm that disguises itself as porn in order to infiltrate and commandeer users’ Facebook accounts.


The worm, which was recently detected by the Baidu Antivirus Security team, labels itself as “sex photos” or as a porn video to trick people into clicking it. The second it’s clicked, it downloads executable malware files like Videos_New.mp4_2942281629029.exe or Album_110208213_2942281862977.exe. Those files by themselves are not harmful, but if you open them, they will take control of your Facebook account and perpetuate the scam by sending more fake porn links to all of your friends.

Figure 1. An example of the harmful link


Analysis by Baidu Antivirus security experts has shown that this worm uses the short link service ow.ly to jump to AWS (Amazon cloud service), and from there to a box cloud storage server. This three-level jump method (which is the same method employed by other, similar Facebook scams) allows the virus to more easily evade detection by security software. After infecting a computer, it disguises itself as "Samsung Appstore" to appear benign and dissuade users from trying to remove it.


Recently, Facebook has become the platform of choice for an increasing number of cybercriminals who want to spread their viruses quickly across the Internet. In February 2015, The Guardian reported that more than 110,000 Facebook users were infected by a Trojan posing as a Flash update. The content in question that caused the virus to spread so rapidly? A porn video.

Figure 2. The Trojan is detected by Baidu Antivirus


Baidu Antivirus users simply need to enable the Full Protection feature to intercept this Facebook worm. Affected users can also use the System Repair tool in the Baidu Antivirus toolkit to check if their computer is infected with this worm.


Reference: The Guardian


Download Baidu Antivirus – the best free antivirus – here: Download