
Dad Catches Daughter on Webcam and Deploys Malefic Trojan

A bogus Facebook video of a daughter who got busted on webcam strikes users with a harmful Trojan. The malware can grab sensitive information and send it to a remote machine.

Sick of promoting the “dad catches daughter on webcam” scam in English, cyber-crooks went to scammers’ school this summer, pulled an overnight “Omlette du fromage”, and translated the old masquerade into German and Serbian.

If German speakers click on the “Vater erwischt eigne Tochter bei Strippen und das alles via fb” link, and Serbians on “otac uhvatio kceru golu pred webcam,” the polyglot scammers lure them into installing a viperish Trojan.Dropper.TQX.

When the user clicks the install button, the malware comfortably sneaks into the system. There, it collects sensitive information such as Remote Access Service accounts, HTML content, running processes, passwords, and credentials. The Trojan gathers data from several browsers, but it only infects the Windows platform.

The malware can also install itself using a Java applet for a drive-by download, or it pops up a message after a few seconds of inactivity. If you click “ok” on the update, the message redirects you to the same malware.

Betting on people’s curiosity, the scam uses Facebook and public hosts for promotion. If users click anywhere on the infected web page, they automatically “like” the link, and the scam is put on their Facebook timeline, making it viral.

The version of Trojan.Dropper.TQX circulating on Facebook uses new packers to encapsulate older pieces of malware, according to Bitdefender Anti-Malware Labs. The Trojan is most likely bought from underground forums and embellished by each scammer with ornaments such as backdoors and keyloggers.

When executed, the Trojan copies itself to several locations on the device. This piece of malware is a conscientious tech-savvy “user.” Unlike people who rarely check for software updates, Trojan.Dropper.TQX may update itself to a newer version and also download other malware.

When new folders start to appear out of the blue or important folders start to disappear as in “X-Files,” the same Trojan is to blame. It can also set file attributes as it wishes, so your computer is practically at its mercy.

Spying on everything you do online or offline, the Trojan has other powers too. In the worst scenario, the click you make to peep on the wretched daughter on webcam can lead to identity theft and ginormous piles of money lost.

“Dad catches daughter” viral videos started to circulate on Facebook two years ago. Scammers hit it big by automatically posting “x like video y” messages on victims’ profiles. Because most users log into social networks with the same credentials as for e-mail services, cyber-crooks could easily steal passwords and use them to make more money.

The scam is part of a general series of juicy family-theme stories and short movies of horrendous domestic interactions.

To stay safe online and have reinforced anti-malware protection, you should always have your security software updated.


This article is based on the technical information provided courtesy of Octavian Minea, Bitdefender Malware Researcher, and Tudor Florescu, Bitdefender Online Threats Analyst.

About the author

Bianca STANESCU


1 Comment

  • It's sad that Bitdefender still doesn't detect it after so many days :)))

    arcavir Ok
    avast Win32:Dropper-gen [Drp]
    avg Trojan horse Inject.WQ
    avira Contains recognition pattern of the WORM/Rebhip.A.7733 worm
    bitdefender Ok
    clamav Ok
    drweb infected with BackDoor.Tordev.8
    emsisoft Trojan.Inject!E2
    nod32 a variant of MSIL/Injector.AHG trojan
    fprot Ok
    gdata Win32:Dropper-gen [Drp] (Engine B)
    ikarus Trojan.Inject
    kaspersky Ok
    mcafee Ok
    microsoft Worm:Win32/Rebhip.A
    norman Ok
    norton Starting check…
    panda Ok
    quickheal Starting check…
    sophos Troj/MSIL-W
    etrust Ok
    trendmicro Ok
    vipre Trojan.Win32.Generic!BT
    vba32 Ok
    virusbuster Ok

    In the meantime, another variant has appeared:
    flashplayer.exe bitdefender Ok