Last week Naked Security warned of a Facebook worm that was spreading on the social network, tricking users into believing that they were clicking on a link to an image.
The bad news is that the attack appears to still appears to be spreading via Facebook’s chat system, exploiting compromised users’ accounts.
An analysis by SophosLabs has identified that malware designed to install the Dorkbot worm onto users’ computers is being spread via Facebook chat. And, for now at least, Facebook’s built-in security systems are not preventing it.
It wasn’t the Facebook friend you are chatting with who sent that message, it was the Dorkbot malware instead. The link may appear – on casual observation – to point to Facebook.com, but in reality it goes to a third-party website.
Although an unsuspecting user may believe that they are clicking on a link to a JPG image, the truth is that they are downloading an executable file that attempts to download further code (another piece of malware) from the net and drops a .BAT batch file onto infected computers.
The ultimate aim of all this malicious activity is to install the Dorkbot malware onto your Windows computer.
Sophos products detect the files as the Troj/VB-FRI and Troj/VB-FRJ Trojan horse respectively.
Clearly it’s time, if you haven’t already learnt the lesson, to realise that you should always be wary of links shared by friends on social networks – after all, how can you tell it was a friend who sent it or a piece of malware on their computer?
Make sure that you keep informed about the latest malware attacks, scams and other threats on Facebook. Join the Sophos page on Facebook, where over 150,000 people regularly share information on threats and discuss the latest security news.
Hat-tip: Thanks to reader Rajesh for sending us the screenshot.