Facebook worm poses as two blonde women

Graham Cluley

If you’re a Facebook user, be on your guard against the latest worm reportedly spreading on the system.

First identified by Danish security researchers at CSIS, the worm appears to have been spread via malicious links on the social networking site.

The danger, of course, is that one of your Facebook friends may have had their account compromised (maybe they were sloppy with their password security, or gave access to a rogue application) and you might be tempted into clicking on a link seemingly posted by them.

Although the links pretend to point to an image, the truth is that a malicious screensaver is lurking behind an icon of two blonde women:


The malicious file has an icon of two blonde women

When the code is run, it attempts to download further malware hosted on a compromised Israeli website.

At the time of writing, the malware is not present on the Israeli website (all that remains is a message seemingly from the hackers), but it is very possible that they are using additional websites to spread their malware attack.

Hacked website

Sophos products detect the malware as the Troj/Dloadr-DKK Trojan horse. If your PC becomes infected it is possible that you also have other malware on your computer, some of which may attempt to steal your banking information or compromise your PC in other ways.

Make sure that you keep informed about the latest malware attacks, scams and other threats on Facebook. Join the Sophos page on Facebook, where over 150,000 people regularly share information on threats and discuss the latest security news.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.
