Facebook users should be alarmed. A new worm has been detected crawling through the social network. The worm relies on a complicated redirect mechanism to spread itself that starts with a message on Facebook linking to scandalous images. The worm belongs to the Kilim malware family and is aimed at Google Chrome.
It is not the first time attackers spread worms on Facebook. The enormous social network has proven quite effective for numerous malicious practices. Users easily get tricked into the scheme and become its unaware participants.
Everything usually starts with a message. As soon as a PC is infected, the worm starts sending tempting messages promising access to adult content to the user’s friends.
The worm relies on Amazon Web Services getting the malware downloader. The latter is hosted in an online cloud from Box cloud services.
How Does the Worm Function?
In order to affect personal computers, the browser agent and computer platform must be verified. When mobile devices are targeted, the user is lured into clicking pages that display ads or localized graphic content.
In order to perform those activities, the attackers have built a multi-layer redirection process. The malignant architecture exploits the ow.ly URL shortener, along with Amazon Web Services and Box.com cloud services.
According to malware experts, the worm acts as a Google Chrome extension. Once the user clicks the link shortened by ow.ly, he is first being redirected to an Amazon Web Services page, then to the dangerous videomasars.healthcare page. The latter reassures if the person is using a PC or a mobile device. Depending on the case, the user either is redirected to rogue pages or is asked to download a malicious file kept in a cloud.
It is troublesome that antivirus tools hardly detect it.
A certain amount of the malicious URLs used by the cyber crooks has already been disabled. 不運にも, the criminal mind behind the scheme is one step ahead since the whole operation can be re-arranged if different services are used.
How Can Facebook Users Be Protected?
Experts advise us to be extra careful when receiving links both from known and unknown sources. Always keep in mind that Facebook accounts are easily hijacked by attackers.