At least tens of thousands users have already become victims to a new virus on Facebook, masquerading as messages from friends and downloads malicious code onto computers worldwide.
“Watch the video by clicking on the picture which belongs to you. ..46” – that is the message received by many surfers. The statement included the recipient’s profile picture and a link labeled ‘YouTube Video’ and Facebook post that looks like it is integrated by the video portal.
But in practice, just like many similar cases in the past, the video does not really exist and only causes users to download malware (malicious software) that allows its distributors to gain remote access to computers and Facebook accounts and spread the messages on.
“I got this from four of my friends” said one of the customers.
What the malware does is kidnaps the contact list and sends chat-like message to all friends with a random number at the end of the message. The purpose of changing the number at the end of the message is probably to avoid spam detection mechanism and to prevent Facebook anti-bot service from noticing that this is the same message that is automatically sent to a large amount of people in a short time.
Clicking on the link leads to video-like status on Facebook. But clicking on the video will not play it, instead will lead to a request to install plugin on the browser. The hackers even bothered to adjust the plugin for different browsers, so when we tested the malware on Chrome browser, it tried to install Chrome extension named ‘Video AdPlusing’, which according to Google download statistics has already reached more than 10,000 visits. However, with Internet Explorer browser, we were referred to download a program called ‘iLivid’ that looks like Adobe Flash. Once downloaded, both programs infect the computer, allowing them to obtain the passwords to Web services and display advertisements whose revenues go directly to the hackers account…
It is interesting to note that clicking on the link from Android device doesn’t lead to the same video page. Instead it downloads application called ‘APUS’, which came out just last week and has already reached more than 10 million downloads. It looks like this is a real application of Chinese society that replaces the Android interface. Yet, it seems the Chinese company used very bad measures to force and increase the amount of downloads…
For those who have already fallen into this trap, your best bet is to go and delete the plugin or software installed on his computer (either by installing anti-virus or by manually removing the malware)