Facebook Worm Spreads Zeus Trojan via Spam Links Containing a Malware-Tainted Photo File

The Denmark-based security group CSIS recently discovered a new computer worm propagating across the social networking giant Facebook. The worm has been identified as a high-risk security threat that seems to be used mainly for the criminal purpose of distributing malware onto as many computer systems as it can reach.

This worm has been observed using infected Facebook users' accounts to propagate malicious links, which lead to malware, by spamming the accounts of its victims' friends with the infected link.

What's more, if a victim of this Facebook-based worm clicks on one of the spammed-out malicious links, the user is redirected to a malicious web domain that supposedly offers a downloadable screensaver for their computer.

The problem is that the supposed screensaver download is not a JPG image file at all, but is actually an executable masquerading as a legitimate screensaver download. This executable file has been identified and labeled as b.exe, and once it is launched, another malicious executable is injected and downloaded onto the infected machine.
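The masquerade described above rests on a file name whose visible part reads as an image while its final extension is executable, as in the PIC96477.JPG.scr name reported for this worm. The Python check below is an added example, not code from CSIS or from the original article; the function names, finding labels, extension sets and sample byte strings are assumptions constructed for illustration, and it goes slightly beyond the reported case by also catching space-padded names and executable content behind a benign extension.

```python
import os

# Extensions Windows runs directly; a .scr screensaver is an ordinary PE file.
EXECUTABLE_EXTS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd"}
# Extensions users read as harmless content (the decoy half of the name).
DECOY_EXTS = {".jpg", ".jpeg", ".png", ".gif", ".bmp", ".pdf", ".doc", ".txt"}


def sniff(head):
    """Classify content by its leading magic bytes."""
    if head.startswith(b"MZ"):
        return "pe"      # DOS/PE executable header
    if head.startswith(b"\xff\xd8\xff"):
        return "jpeg"    # JPEG start-of-image marker
    return "unknown"


def inspect_file(filename, head):
    """Return findings for one file name plus the first bytes of its content."""
    findings = []
    # Windows drops trailing dots and spaces, so normalise before splitting.
    name = filename.strip().rstrip(". ").lower()
    stem, last = os.path.splitext(name)
    # Strip padding spaces inserted to push the real extension out of view.
    _, inner = os.path.splitext(stem.rstrip())
    if last in EXECUTABLE_EXTS and inner in DECOY_EXTS:
        findings.append("double-extension")
    if sniff(head) == "pe" and last not in EXECUTABLE_EXTS:
        findings.append("pe-content-under-benign-name")
    return findings


# Constructed samples. Only the names b.exe and PIC96477.JPG.scr come from
# the report; the other names and all byte strings are made up.
SAMPLES = [
    ("PIC96477.JPG.scr", b"MZ\x90\x00"),
    ("b.exe", b"MZ\x90\x00"),                 # honest executable name
    ("holiday.jpg", b"\xff\xd8\xff\xe0"),     # genuine JPEG header
    ("invoice.pdf", b"MZ\x90\x00"),           # PE bytes behind a document name
    ("photo.jpg        .SCR ", b"MZ\x90\x00"),
]


def scan(samples):
    """Return (name, findings) for every sample that has at least one finding."""
    return [(n, f) for n, h in samples for f in [inspect_file(n, h)] if f]


if __name__ == "__main__":
    for name, findings in scan(SAMPLES):
        print(f"{name!r}: {', '.join(findings)}")
```

An honestly named executable such as b.exe produces no finding here, because the check targets the disguise rather than executables in general.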

According to a warning from CSIS, the Danish security firm that first spotted this parasite spreading via Facebook, "The worm carries a cocktail of malware onto your machine, including a Zbot/ZeuS variant which is a serious threat," one that is more than capable of stealing confidential, sensitive data from the computer systems that it successfully infects.

Malicious Web Links Also Spotted on a Variety of Infected Servers

The number of web domains that have been spotted propagating this worm has quickly multiplied in a short period of time, and the domains reported so far are only a small number of an increasing body of websites/servers that host and distribute the malware-laced worm.


In addition to hosting the infected link that has been directly tied to this worm, these compromised web domains have also served a secondary function. While distributing a package of malware onto their victims' systems via the infectious links, these compromised websites are also recording and gathering various bits of data from the computer systems that they manage to affect.

According to the security reports on this Facebook worm and its corresponding malicious spam link, the content distributed by these infected servers may appear on compromised systems as any of the following malicious files:

  • b.exe
  • Index of / images
  • Count.txt
  • Parent Directory
  • PIC96477.JPG.scr
  • GeoIP.dat
  • f.exe
  • geoip.inc
  • util.php
  • images.php

The discovery of this worm's presence on Facebook should remind us, the technology-reliant computer users, of the hazards associated with clicking on unknown links found all over the net. Always remember that, as vigilant, responsible computer users, it is our job to be wary of unknown links and attachments, trusting only those that we know come from reliable sources.

One Comment

  • antivirus:

    I am truly thankful to the holder of this web page who has shared this impressive paragraph at this place.
