Facebook chat worm continues to spread

Graham Cluley

Last week Naked Security warned of a Facebook worm that was spreading on the social network, tricking users into believing that they were clicking on a link to an image.

The bad news is that the attack still appears to be spreading via Facebook’s chat system, exploiting compromised users’ accounts.

An analysis by SophosLabs has identified that malware designed to install the Dorkbot worm onto users’ computers is being spread via Facebook chat. And, for now at least, Facebook’s built-in security systems are not preventing it.

Facebook chat log, including malicious link


It wasn’t the Facebook friend you are chatting with who sent that message, it was the Dorkbot malware instead. The link may appear – on casual observation – to point to Facebook.com, but in reality it goes to a third-party website.

Although an unsuspecting user may believe that they are clicking on a link to a JPG image, the truth is that they are downloading an executable file that attempts to download further code (another piece of malware) from the net and drops a .BAT batch file onto infected computers.
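The two deceptions described above (a link that only looks like Facebook.com, and an "image" that is really an executable) can both be checked mechanically. The following is an added example, not code from the original article or from Sophos; the URLs, sample bytes and function names are constructed for illustration.

```python
from urllib.parse import urlsplit

BRAND_DOMAIN = "facebook.com"              # site the lure claims to be
IMAGE_EXTS = (".jpg", ".jpeg", ".png", ".gif")

# Constructed sample payloads (first bytes only), not taken from the malware.
SAMPLE_EXE = b"MZ\x90\x00" + b"\x00" * 60   # Windows PE files start with "MZ"
SAMPLE_JPEG = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00"

def link_host(url):
    """Host the browser would really contact, lower-cased."""
    if "://" not in url:                    # chat links often omit the scheme
        url = "http://" + url
    return (urlsplit(url).hostname or "").lower().rstrip(".")

def is_really_facebook(url):
    """True only for facebook.com itself or one of its subdomains."""
    host = link_host(url)
    return host == BRAND_DOMAIN or host.endswith("." + BRAND_DOMAIN)

def sniff_type(first_bytes):
    """Classify content by magic bytes, ignoring the name in the link."""
    if first_bytes[:2] == b"MZ":
        return "windows-executable"
    if first_bytes[:3] == b"\xff\xd8\xff":
        return "jpeg"
    return "unknown"

def assess(url, first_bytes):
    """Return findings for a chat link and the first bytes it served."""
    findings = []
    lowered = url.lower()
    if "facebook" in lowered and not is_really_facebook(url):
        findings.append("lookalike-host")
    looks_like_image = any(ext in lowered for ext in IMAGE_EXTS)
    if looks_like_image and sniff_type(first_bytes) == "windows-executable":
        findings.append("executable-disguised-as-image")
    return findings

if __name__ == "__main__":
    # Constructed URLs on reserved example domains.
    print(assess("http://www.facebook.com.photos.example.net/IMG0541.jpg", SAMPLE_EXE))
    print(assess("https://www.facebook.com/photo.php?fbid=1", SAMPLE_JPEG))
```

The host comparison is anchored on the end of the hostname, so a name that merely contains "facebook.com" as a prefix or in the userinfo part of the URL is not accepted as Facebook.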

The ultimate aim of all this malicious activity is to install the Dorkbot malware onto your Windows computer.

Sophos products detect the files as the Troj/VB-FRI and Troj/VB-FRJ Trojan horses respectively.

Clearly it’s time, if you haven’t already learnt the lesson, to realise that you should always be wary of links shared by friends on social networks – after all, how can you tell it was a friend who sent it or a piece of malware on their computer?

Make sure that you keep informed about the latest malware attacks, scams and other threats on Facebook. Join the Sophos page on Facebook, where over 150,000 people regularly share information on threats and discuss the latest security news.

Hat-tip: Thanks to reader Rajesh for sending us the screenshot.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.
