“There is no delight in owning anything unshared.”

Cyberattacks October 2012 Part (II) – A very Social Malware (Facebook??)

Although Facebook is not a new attack vector, a new kind of malware is spreading through it. The malware is protected against both debugging and network traffic analysis. To protect the binary code from reverse engineering, it was obfuscated using a special protector. Its network traffic is encrypted (even the DNS queries!) and generated in excess. VirusTotal results for this malware sample:

It spreads through Facebook by sending a short chat message and posting the following message on a wall:

http://xxxxxxxx.com/xxxxxxxx.php?ref=facebook&w=[random characters]&resource=youtube&w=[name] :* favourite [random characters] 😀

Then it sends the following Skype message:

youtube favourite [random characters]! http://xxxxxxxx.com/xxxxxxxx.php?ref=facebook&w=[random characters]&resource=youtube&w=[name]

Finally, it sends an MSN message:

:* http://xxxxxxxx.net/xxxxxxxx.php?ref=facebook&w=[random characters]&resource=youtube&w=[name] youtube hit [random characters] 😀

If the user clicks on the link, the malware is downloaded to the victim's computer.
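The three message templates above share one URL shape, which a mail, chat or proxy filter can match on. The following is an added example, not code from this post or from the linked analysis: it scores URLs found in message text against that shape. The function names, the threshold of three traits, and the sample messages on example.com are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Pull http(s) URLs out of free-text chat or wall messages.
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)
# Lure words that sit next to the link in the Skype and MSN templates.
LURE_RE = re.compile(r"\byoutube\s+(favourite|hit)\b", re.IGNORECASE)

def score_url(url):
    """Return the template traits a URL shares with the lure links."""
    parts = urlsplit(url)
    query = parse_qs(parts.query, keep_blank_values=True)
    traits = []
    if parts.path.lower().endswith(".php"):
        traits.append("php-landing-page")
    if query.get("ref") == ["facebook"]:
        traits.append("ref=facebook")
    if query.get("resource") == ["youtube"]:
        traits.append("resource=youtube")
    if len(query.get("w", [])) == 2:  # the templates repeat the w parameter
        traits.append("duplicate-w-parameter")
    return traits

def scan_message(text, threshold=3):
    """Return (url, traits) for each URL in text with >= threshold traits."""
    lure = bool(LURE_RE.search(text))
    hits = []
    for url in URL_RE.findall(text):
        url = url.rstrip(".,)!")  # drop trailing sentence punctuation
        traits = score_url(url)
        if lure:
            traits.append("lure-text")
        if len(traits) >= threshold:
            hits.append((url, traits))
    return hits

# Constructed sample messages (not captured traffic).
SAMPLES = [
    "http://example.com/view.php?ref=facebook&w=qzxv&resource=youtube&w=alice :* favourite qzxv",
    "youtube favourite kkjd! http://example.com/view.php?ref=facebook&w=kkjd&resource=youtube&w=bob",
    "check this out https://www.youtube.com/watch?v=abc123",
    "youtube hit list is here: http://example.org/index.php?page=2",
]

if __name__ == "__main__":
    for msg in SAMPLES:
        print(scan_message(msg) or "clean", "<-", msg)
```

Scoring several traits together, rather than matching one fixed string, keeps the filter working when the domain and the random characters change between messages.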

Kindly refer to the following link for a detailed analysis and further explanation (Analysis of a very social malware):

https://www.cert.pl/news/5587/langswitch_lang/en
