Security researchers at Kaspersky Labs are warning of a new click-fraud worm distributed via Facebook. The malware creators are using Crossrider, a legitimate programming framework used to create unified browser extensions for Internet Explorer, Firefox and Google Chrome.
While monitoring botnet activity, Kaspersky researchers discovered that the malware installer would connect to a malicious site and then install files in the PROGRAM FILES folder using the name “FACEBOOK LILY SYSTEM.”
The code for Google Chrome was the easiest to analyze, as it contained just two lines of code. The first line loads jQuery functions, and the second loads the payload of the malicious code.
The goal of the malware is to “spoof ad modules on Yahoo, YouTube, Bing/MSN, AOL, Google and Facebook.”
As with many malware schemes we have seen in the past, this one propagates on Facebook by publishing spam messages from infected user accounts.
Sergey Golovanov, the Kaspersky researcher issuing the alert, further advised that the malware kit is being advertised in hacker forums for $1,000. Sergey concludes the post by saying, “This malicious program is an excellent example of Malware 2.0-class programs based on modern web technologies, using social networks to propagate themselves and generating illegal incomes for their owners by spoofing various services.”
Malware authors often use rogue applications and rogue browser extensions to virally spread scams, spam and other malicious code on Facebook.
We highly recommend users audit their installed browser extensions and Facebook applications on a regular basis.
How to protect your Facebook account from Rogue Browser Extensions
How to protect your Facebook account from Rogue Applications
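One way to carry out the extension audit recommended above, as an added example that is not code from Kaspersky or from the original article: it walks a Chrome-style Extensions directory (`<extension id>/<version>/manifest.json`) and flags extensions whose content scripts run on every page or on the sites named above. The sample manifests and file names are constructed, and the checks are heuristics that select extensions for manual review.

```python
import json
from pathlib import Path

# Host fragments for the sites the article says the malware spoofs ads on.
TARGET_SITES = ("yahoo.", "youtube.", "bing.", "msn.", "aol.", "google.", "facebook.")
# Match patterns that let an extension run on every page.
BROAD = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

def audit_manifest(manifest):
    """Return review reasons for one parsed manifest.json (heuristics, not verdicts)."""
    findings = []
    for cs in manifest.get("content_scripts", []):
        matches, scripts = cs.get("matches", []), ", ".join(cs.get("js", []))
        if any(m in BROAD for m in matches):
            findings.append(f"injects {scripts} into every page")
        sites = sorted({s for s in TARGET_SITES for m in matches if s in m})
        if sites:
            findings.append(f"injects {scripts} into ad-bearing sites: {' '.join(sites)}")
    perms = manifest.get("permissions", []) + manifest.get("host_permissions", [])
    if any(isinstance(p, str) and p in BROAD for p in perms):
        findings.append("host permission covers all sites")
    return findings

def audit_extensions(root):
    """Scan <root>/<extension id>/<version>/manifest.json and report flagged extensions."""
    report = {}
    for path in sorted(Path(root).glob("*/*/manifest.json")):
        ext_id = path.parent.parent.name
        try:
            manifest = json.loads(path.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            report[ext_id] = ["manifest unreadable, inspect by hand"]
            continue
        findings = audit_manifest(manifest)
        if findings:
            report[ext_id] = [f"name: {manifest.get('name', '?')}"] + findings
    return report

# Constructed sample manifests (not taken from the malware described above).
SAMPLE_LOADER = {"name": "Sample Loader", "version": "1.0", "permissions": ["tabs", "<all_urls>"],
                 "content_scripts": [{"matches": ["http://*/*", "https://*/*"],
                                      "js": ["jquery.js", "payload.js"]}]}
SAMPLE_BENIGN = {"name": "Sample Notes", "version": "2.1", "permissions": ["storage"],
                 "content_scripts": [{"matches": ["https://notes.example.com/*"], "js": ["notes.js"]}]}

if __name__ == "__main__":
    import sys
    for ext, reasons in audit_extensions(sys.argv[1] if len(sys.argv) > 1 else ".").items():
        print(ext, *reasons, sep="\n  ")
```

Pass the browser profile's Extensions directory as the only argument; an extension that is flagged is a candidate for review, since legitimate extensions also request broad access.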