May 16, 2013
After installation, and as soon as the browser is launched, Trojan.Facebook.311 attempts to download a file containing instructions from a remote server. Next, the plugin waits for the user to log in to Facebook. After that, the Trojan horse can perform actions on the user's behalf in accordance with instructions found in its configuration file. These include marking something with a “like”, updating a status, leaving a message on a wall, joining a group, leaving a comment, and inviting a user on the friends list to join a group or sending that user a message. In addition, when commanded, the Trojan can download and install new versions of the plug-ins and send spam on Twitter and Google Plus.
Recently Trojan.Facebook.311 posted messages containing an image that mimics an embedded media player. Clicking on the image redirects the user to various bogus sites. Similarly, the Trojan sends personal messages and updates a user’s status to advertise rogue quizzes in which one supposedly can win a variety of prizes.
The threat's signature has been added to the virus databases, so it poses no threat to systems protected with Dr.Web anti-virus software. Despite the fact that criminals are targeting the citizens of Brazil, the scheme can be implemented for any target group. Doctor Web recommends that users exercise caution and refrain from downloading and installing suspicious applications or browser security updates.