Tricky Facebook worm spreading

Danish researchers first detected a worm on Facebook that logs on behalf of a given user and sends spam messages to friends and acquaintances. The message forwarded contains only one URL, which is a link to an Israeli server.

By clicking on this link, users can attached image they see what appears to be a screensaver. However, downloading and running it is not recommended because it contains malicious code. The malware was created using Visual Basic 6.0 and is said to contain a number of anti-decryption tricks, such as detecting virtual environments used in the analysis, such as VMware, Sandboxie, or VirtualBox. The malware creates an army of additional malicious code on the infected machine, or as security expert Peter Kruse puts it: it tries to place a complete malware cocktail. Of these, the Trojan Zeus Trojan may be the best known and most dangerous.

 The screensaver received in the URL without accompanying text cannot be considered a reliable source.

The lesson is: always act suspiciously against messages without any accompanying text, but only with a bare link, and we only manage our downloads from a trusted place! 

Source: antivirus.blog.hu