Yesterday evening, a malware distribution campaign using Facebook® as bait made some pretty nasty waves. Apparently legitimate e-mails notified Facebook® users that the passwords to their accounts have been changed due to security reasons. The recipients of this fake notification were supposed to open an attached .zip file in order to find out their new allocated password.
Instead of a new password, the zip file hides Trojan.Dropper.Oficla.G. As its name suggests – Trojan Dropper- this piece of malware contains malicious or potentially unwanted software which it ‘drops’ and installs on the system. Frequently, the dropper installs a backdoor which allows remote, clandestine access to the infected system. This backdoor may then be used by cybercriminals to upload and install additional malicious or potentially unwanted software on the system.
According to the BitDefender Monitoring Systems the distribution of the spam messages carrying this piece of malware started on the evening of March 17th, 2010. Since then, spam “waves” have reached significant proportions, in some cases more than 200 spam messages being sent out in 30 minutes.
Moreover, the infection rates reflected by the BitDefender Real-Time Virus Reporting Systemindicate the beginning of a massive spreading of Trojan.Dropper.Oficla.G. Although this phenomenon has just started, it seems that it’s just a matter of (quite little) time before the cybercriminals control a huge number of systems.
Infection rates are expected to boom because the social engineering behind this mechanism proves to be efficient. Facebook® is a highly popular social network and accessing it for discussions or for its popular applications has become a daily habit for very many people. No matter why they access the social network, the e-mail informing them about the alleged password change is likely to drive them towards the same result: open the file to take a look inside and ultimately… get infected.
In order to stay safe, BitDefender recommends you to never open the attachments coming from unknown contacts as well as to install and update a complete antimalware software solution.
Information in this article is available courtesy of Daniel Dichiu, BitDefender Online Threats Researcher
Recent shouts