Recently, Facebook users were exposed to a slew of worms, including Win32/Yimfoca.AA and Win32/Fbphotofake. Win32/Yimfoca.AA has even ranked in the ThreatSense.Net Top Ten in many European countries, including Austria, Italy, the Czech Republic and Slovakia, for the last few weeks.
According to Marek Polesensky, Malware Researcher at ESET, the Yimfoca worm uses Facebook chat to attack, while Fbphotofake is a social engineering worm which distributes itself and other malware through spam Facebook messages. Polesensky adds: “Yimfoca serves as a backdoor that can be controlled remotely and can also spread through other IM software like Skype, MSN or Yahoo Messenger.” Additionally, Yimfoca can also download and run other malicious software posted online - including fake anti-virus software, change security settings or deactivate the Windows firewall. Fbphotofake worm foremostly distributes Facebook spam. Users are advised to be careful and not to open suspicious and unknown attachments, or click on dubious links.
Related to the recent malware attacks, David Harley, ESET Senior Research Fellow, has pointed out that Facebook messaging is increasingly exploited for Nigerian letter scams. “It is standard Advance Fee Fraud, with a little extra oomph in terms of emotional blackmail,” says Harley. He advises users to “always be sure about the identity of the sender and about the IM or Facebook message content.” Randy Abrams, Director of Technical Education at ESET North America notes that “a part of the problem is that the Facebook culture is anti-security and that is a very tough obstacle for their security professionals.”
Latest Facebook threats:
• The Win32/Yimfoca.AA worm has been spreading for the last few months, reaching Top Ten in several European countries according to ThreatSense.Net.
• Fbphotofake distributes Facebook spam. In case of both worms be careful and do not open suspicious and unknown attachments, or click on dubious links.
• Nigerian letter scams are being spread via Facebook messages as well.