Mentioning Facebook, perhaps there is no onliner who doesn't know it is one of the most popular virtual social networking sites. It's not natural that Facebook is enthusiastically welcomed by the community. Its openness in connecting friends and updated information have brought about such success. Facebook now enjoys more than 300 millions active members all over the world. This popularity has, unexpectedly, been assisting hackers in obtaining their bad aims, like phishing or spreading malicious code, and so on. Recently, if you remember, a worm named Koobface propagated widely just by posting comments with noticeable content and links containing viruses.
To take full advantage of the wide Facebook member network, hackers have non-stop searched for new and more effective methods. Our honeypot system has just discovered a new virus family which propagates by sending emails imitating to be from Facebook's administrating team.
This virus (recognized as W32.FacePass.Worm by Bkav), after its execution, will dump a backdoor which receives commands from the control server with Russian domain name "apsight.ru" and, at the same time, delivers dummy emails containing malicious code. After trying to connect to the control server, I got an interesting response:
It's not clear whether the hacker's server is under a backward DDoS attack because too many people are fooled, or this is simply a coding error that the hacker had mistakenly made. However, the first explanation seems to be more reasonable, because the hacker must have tested carefully before spreading the virus into the wild.
Once again, I strongly advise that you should take great care with information from the Internet, especially emails from unknown origins. Besides, it's advisable that you use antivirus softwares to scan and to remove all the viruses out of emails before opening the attachments.
Analyst: Cong Thu