WARNING! Facebook and Myspace Virus

Post by Admin on Thu Mar 11, 2010 9:32 am

Users are being targeted by malicious postings made directly on the popular social-networking internet site. The Wall, a core feature of Facebook profile pages, is used by members to leave each other messages. In addition to text, it can also contain photographs, video recordings, music and hyperlinks to internet sites. The malware arrives in the form of a Wall post, supposedly placed by an acquaintance, that urges members to click on a link to view a video recording on an internet site supposedly hosted by Google. However, the link redirects users to a Web page that is not hosted by Google, where they are told they need a new version of Adobe's Flash player and are advised to download an executable file to watch the video.

The file is actually a trojan, Troj/Dloadr-BPL, that funnels other malicious code, detected as Troj/Agent-HJX, into users' machines. When it has done that, it displays an image of a court jester sticking his tongue out. Although on the surface this might appear to be a practical joke from a friend, it actually means the PC has been compromised and malicious hackers have gained control over it to use it for a variety of purposes, such as sending spam or spreading malware. Malicious cyber-terrorists have been using this spyware distribution technique for several years in e-mail messages, so many users know how to avoid these traps. Nevertheless, people may be less alert in more closed and controlled environments such as social-networking sites.

For example, in this case, the malicious Wall post is disguised as coming from someone on the user's list of Facebook and Myspace friends, maximizing the odds that the link will be clicked. Be very suspicious of Wall postings asking you to click on a link to watch a video recording. The friend whose name appears with the video recording has had his PC or Facebook account compromised in some way that allows malicious cyberpunks to carry out activities without the friend's knowledge. It's possible that the affected friend previously fell for the "court jester" trap, and his PC and Facebook account are being used to pass around the worm.

The approach is the latest in a rising trend of malicious cyberpunks using social-networking sites to circulate spyware. These sites offer an appealing distribution channel because people feel safer and are more willing to follow links and perform actions if they think a friend is urging them to do so. In fact, it could be a malicious hacker posing as a friend. If people click on a third-party Web site link and a message pops up asking them to download software onto their PCs, they should never go ahead with the software download. If they feel they should upgrade their Flash player, they should do so only from Adobe's Web site.

The warning is also important for IT departments of companies where employees are permitted to use Facebook at work. Given the wide popularity of social networking for personal and business communications, IT managers should draft policies regarding the proper use of these sites by employees. IT managers should also consider whether they need additional security measures if they decide to allow these internet sites to be accessed from the office. For example, many IT departments have installed products that scan e-mail traffic to stop adware and spam, but with many Web sites now being used to host malware, it's a good idea to also install a security device that scans all office Web traffic and any software downloads that employees attempt to make.

The following files are added in the %WinDir% folder:

%WinDir%\system32\splm\kbdsapi.dll
%WinDir%\system32\splm\lmfunit32.dll
%WinDir%\system32\splm\mcaserv32.dll
%WinDir%\system32\splm\ncsjapi32.exe

The following registry keys are added:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Intelli Mouse Pro Version 2.0B\StubPath: "%WinDir%\System32\splm\ncsjapi32.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\*Intelli Mouse Pro Version 2.0B*: "%WinDir%\System32\splm\ncsjapi32.exe"
HKEY_USERS\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden: "2"
HKEY_USERS\Software\Microsoft\Windows\CurrentVersion\Run\Intelli Mouse Pro Version 2.0B: "%WinDir%\System32\splm\ncsjapi32.exe"
HKEY_USERS\Software\Microsoft\Windows\CurrentVersion\RunOnce\*Intelli Mouse Pro Version 2.0B*: "%WinDir%\System32\splm\ncsjapi32.exe"
HKEY_USERS\Software\Microsoft\Windows\nScan32\ExecuteDate: "14\8\2008"
The hosts file is modified to prevent the compromised machine from accessing most security web sites, such as:

W32/Koobface.worm spreads via Facebook and MySpace. Current variants only target either Facebook or MySpace specifically.

The following files could be created depending on the variant (the filepath is hardcoded):

The best way to keep your PC safe and secure is to keep your antivirus engine and DAT files up to date. I would also recommend a registry cleaner and optimizer to fix any repairs to your registry that it might have caused. A good registry cleaner/protector will also lock your registry files from being changed unless you give permission. I personally recommend Registry Easy.
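
A triage check built from the file and autostart indicators listed in this post, added here as an example and not part of the original post: it normalises paths and key names, then matches a file listing and exported registry values against those indicators. The function names, the default C:\Windows directory and the sample data are assumptions constructed for the example.

```python
import re

# Indicators copied from the post above; file paths are relative to %WinDir%.
IOC_FILES = {r"system32\splm\kbdsapi.dll", r"system32\splm\lmfunit32.dll",
             r"system32\splm\mcaserv32.dll", r"system32\splm\ncsjapi32.exe"}
IOC_NAME = "intelli mouse pro version 2.0b"
IOC_KEY = r"\software\microsoft\windows\nscan32"
AUTOSTART = (r"\active setup\installed components",
             r"\currentversion\run")  # substring match, so RunOnce is covered

def rel_to_windir(path, windir=r"C:\Windows"):
    """Lowercased path relative to the Windows directory, or None if outside it."""
    p = path.strip().strip('"').replace("/", "\\")
    # Expand the variable and tolerate a stray space after it.
    p = re.sub(r"%(windir|systemroot)%\s*", lambda m: windir, p, flags=re.I)
    p = re.sub(r"\\+", r"\\", p).lower()
    prefix = windir.lower().rstrip("\\") + "\\"
    return p[len(prefix):] if p.startswith(prefix) else None

def check_registry(key, name, data):
    """Return the reasons (possibly none) a registry value matches the post."""
    k = key.lower().rstrip("\\")
    reasons = []
    if k.endswith(IOC_KEY):
        reasons.append("nScan32 key")
    if any(a in k for a in AUTOSTART):
        # RunOnce names in the post are wrapped in '*'; Active Setup carries
        # the name in the key path and uses the value name StubPath.
        if name.strip("*").lower() == IOC_NAME or k.endswith("\\" + IOC_NAME):
            reasons.append("autostart name")
        if rel_to_windir(data) in IOC_FILES:
            reasons.append("autostart target")
    return reasons

def scan(files, reg_values):
    """files: iterable of paths; reg_values: iterable of (key, name, data)."""
    hits = [("file", f) for f in files if rel_to_windir(f) in IOC_FILES]
    for key, name, data in reg_values:
        hits += [("registry", key, r) for r in check_registry(key, name, data)]
    return hits

# Constructed sample input (not taken from a real host).
SAMPLE_FILES = [r"C:\WINDOWS\system32\splm\kbdsapi.dll",
                r"C:\Windows\system32\kbdus.dll"]
SAMPLE_REG = [
    (r"HKEY_USERS\S-1-5-21-0\Software\Microsoft\Windows\CurrentVersion\RunOnce",
     "*Intelli Mouse Pro Version 2.0B*", r'"%WinDir% \System32\splm\ncsjapi32.exe"'),
    (r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
     "SecurityHealth", r"%windir%\system32\SecurityHealthSystray.exe"),
]
```

Calling scan(SAMPLE_FILES, SAMPLE_REG) returns one file hit and two registry hits for the RunOnce value; the benign Run entry and kbdus.dll are not reported.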
