Sunday 10 August 2008

BEWARE OF MALICIOUS PROGRAM SENT VIA FACEBOOK MESSAGE


  • How?

  • "hello 'Facebook user name' , lol i cant believe is that you? :D
    have a luk urself...
    http://www.google.com.id.8ssahg8x.gnuszk.a1bd53f1.cn/gallery.php?id=dk35x91oe&auth=6421880&cyua=4cwob7ucni
    (click open or run when prompted)"

    OR

    “hello ‘Facebook user name', hehe.. you could be tht naughty i didnt know… really hard to see taht from my eyes lol :-)
    have a luk urself…
    http://www.google.com.id.ewv1g6d2.ij4s0h.2b99df1a.cn/gallery.php?id=dd82hikzt&auth=9490559&cyua=iy2qpfgelm
    (click open or run when prompted)”


    If you get a message like the ones above, please do not OPEN or RUN anything. DELETE the message instead.

  • What?

  • This is an attempt to con you into installing an 'exe' file called 'picture_dl.exe'. When you click on the link/URL, you are served a malicious program that is in no way related to google.com.

  • Who?

  • This malicious program mainly targets Microsoft Windows users and has no effect on Linux. No reports from Apple Mac users so far.

  • Where?

  • Link/URL analysis
    http://www.google.com.id.ewv1g6d2.ij4s0h.2b99df1a.cn
    ( CN = China domain )

  • When?

  • Specifically, the file is a downloader Trojan, for which detection has been added as Troj/Dloadr-BPL. The downloader was proactively detected as Sus/ComPack-B for those with suspicious type detections enabled.
    When run, it downloads a Trojan from a remote server, for which detection has been added as Troj/Agent-HJX. It also downloads and displays an innocent image from a popular download site, and saves it to the Windows folder as joke.gif.

  • Fix?

  • Delete this file from your computer:
    C:\windows\system32\splm\ncsjapi32.exe
    Then scan your PC.
    Delete any instance of picture_dl.exe.
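
The link analysis under "Where?" above can be automated. The following is an added example, not part of the original post or of Sophos's tooling: it reads a hostname from the right, reports the domain that actually owns the link, and flags a watched brand name that appears only in the subdomain labels. The short suffix set and brand list are assumptions for illustration; real code should use the full Public Suffix List.

```python
from urllib.parse import urlsplit

# Assumption: tiny hand-picked set of two-label public suffixes (not the full list).
MULTI_LABEL_SUFFIXES = {"co.uk", "com.cn", "com.id"}
# Assumption: brand domains a mail or chat filter wants to protect.
WATCHED_BRANDS = ("google.com", "facebook.com")


def registrable_domain(host):
    """Return the domain that is actually registered: suffix plus one label."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) < 2:
        return host.lower()
    two = ".".join(labels[-2:])
    n = 3 if two in MULTI_LABEL_SUFFIXES and len(labels) >= 3 else 2
    return ".".join(labels[-n:])


def contains_run(labels, run):
    """True if `run` occurs as consecutive whole labels inside `labels`."""
    return any(labels[i:i + len(run)] == run
               for i in range(len(labels) - len(run) + 1))


def analyse_link(url):
    """Split a URL's host into owner domain and subdomain, flag embedded brands."""
    host = (urlsplit(url).hostname or "").rstrip(".")
    reg = registrable_domain(host)
    sub = host[:-len(reg)].rstrip(".") if host.endswith(reg) else ""
    sub_labels = sub.split(".") if sub else []
    # A brand in the subdomain of somebody else's domain is only decoration.
    embedded = [b for b in WATCHED_BRANDS
                if reg != b and contains_run(sub_labels, b.split("."))]
    return {"host": host, "registrable_domain": reg,
            "embedded_brands": embedded, "deceptive": bool(embedded)}


# Hostname taken from the post; the other URLs are constructed for comparison.
LURE = "http://www.google.com.id.ewv1g6d2.ij4s0h.2b99df1a.cn/gallery.php"
SAMPLES = [LURE, "http://www.google.com/search?q=x", "http://www.google.co.uk/"]

if __name__ == "__main__":
    for url in SAMPLES:
        r = analyse_link(url)
        verdict = "DECEPTIVE" if r["deceptive"] else "ok"
        print(f"{verdict:9} owner={r['registrable_domain']:15} {r['host']}")
```

Matching is done on whole labels, so a host such as notgoogle.com.example.cn is not flagged as a google.com lookalike by this check.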


-----------FORWARD THIS TO YOUR FRIENDS------------

Thanks
Fraser Howard, SophosLabs UK
Jim Burnell (FB)
Ira Kollo (FB)
Oli Warner (FB)
Many more...

See for yourself:
http://www.sophos.com/security/blog/2008/08/1632.html
http://www.arikfr.com/blog/facebook-virus.html
http://blog.4rev.net/2008-08/picture_dlexe-beware-of-viruses-being-spread-via-facebook
http://www.thepcspy.com/read/facebook_worm
http://www.facebook.com/topic.php?uid=20531316728&topic=5521

'Friends are not here to hurt you unless someone uses them to their advantage'