HackRead
  • January 17th, 2021

BEWARE: Worm Being Spread via Facebook

March 14th, 2015 Waqas Malware

Facebook users: if you have clicked the Ow.ly link (Ow.ly is a URL-shortening service), your computer may have been infected by a worm.

Attackers are spreading the link through a post that promises one-of-a-kind pornographic content. The post is being shared on numerous prominent social media networks such as Twitter and Facebook, reports Malwarebytes.

Digging Deeper into the Story:

The worm appears to belong to the Kilim family. After infecting the user’s computer, it posts the same link on the walls of all of the user’s contacts and groups.

Kilim reaches social media networks by installing a malicious extension in the Google Chrome web browser, says Jerome Segura, senior security researcher at Malwarebytes.

This malware lets attackers post new messages such as a page, follow users on any social media network, and send direct messages, explains Segura.

According to Segura, the attack primarily targets Chrome: “The goal [of this current attack] is to harvest as many users as possible to create a very large [botnet] consisting of social networks profiles which can be leveraged in various ways, [such as by] reselling Facebook friends and likes, reselling Twitter followers, [and] generating pay per click revenue by visiting sites and clicking ads.”

Segura further revealed that the attackers use a multi-layer redirection scheme that leverages cloud services. He added that the attackers might be using this method to “make it harder to pinpoint exactly how the malicious redirection takes place, but also to be able to switch services quickly if they get blacklisted.”

The Infamous Link:

When a Facebook user clicks on the Ow.ly link that promises “sex photos of teen girls in school,” it immediately redirects to an Amazon Web Services page, and the user is then redirected to a compromised Box website. The function of this website is to inspect the user’s system. Users are then prompted to download a file; once it is installed, the system is infected instantaneously and the worm is downloaded. The worm then spreads the Ow.ly link to all of the user’s contacts on Facebook.
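The chain described above (URL shortener, then an Amazon Web Services page, then Box, then a file download) is something a defender can look for in web proxy logs. The following is an added example, not code from Malwarebytes or from the original article; the log record layout, the host and extension lists, and every sample URL are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumed category lists for illustration; extend them from your own proxy policy.
SHORTENERS = {"ow.ly"}
CLOUD_SUFFIXES = ("amazonaws.com", "box.com")
RISKY_EXT = (".exe", ".scr", ".zip", ".crx")  # assumed; the article does not name the file type

# Constructed proxy records: (client, requested URL, HTTP status, Location header or None)
SAMPLE_LOG = [
    ("10.0.0.5", "http://ow.ly/EXAMPLE1", 301, "https://bucket-example.s3.amazonaws.com/go.html"),
    ("10.0.0.5", "https://bucket-example.s3.amazonaws.com/go.html", 302, "https://app.box.com/s/EXAMPLE/check.html"),
    ("10.0.0.9", "http://ow.ly/EXAMPLE2", 301, "https://news.example.org/story"),
    ("10.0.0.5", "https://app.box.com/s/EXAMPLE/check.html", 302, "https://app.box.com/shared/static/EXAMPLE.exe"),
    ("10.0.0.9", "https://news.example.org/story", 200, None),
    ("10.0.0.5", "https://app.box.com/shared/static/EXAMPLE.exe", 200, None),
]

def classify(url):
    """Label a URL's host as 'shortener', 'cloud' or 'other'."""
    host = (urlsplit(url).hostname or "").lower()
    if host in SHORTENERS:
        return "shortener"
    if any(host == s or host.endswith("." + s) for s in CLOUD_SUFFIXES):
        return "cloud"
    return "other"

def build_chains(log):
    """Stitch records into per-client chains by following each absolute Location header."""
    chains, pending = [], {}
    for client, url, status, location in log:
        chain = pending.pop((client, url), None)
        if chain is None:          # not the target of an earlier redirect: new chain
            chain = []
            chains.append(chain)
        chain.append(url)
        if 300 <= status < 400 and location:
            pending[(client, location)] = chain
    return chains

def is_suspicious(chain):
    """Shortener entry, at least two distinct cloud hosts, ending in a risky file type."""
    cloud_hosts = {urlsplit(u).hostname for u in chain if classify(u) == "cloud"}
    final_path = urlsplit(chain[-1]).path.lower()
    return (classify(chain[0]) == "shortener"
            and len(cloud_hosts) >= 2
            and final_path.endswith(RISKY_EXT))

def flag(log):
    return [c for c in build_chains(log) if is_suspicious(c)]

if __name__ == "__main__":
    for chain in flag(SAMPLE_LOG):
        print(" -> ".join(chain))
```

Because the attackers can swap hosting services when one is blacklisted, the rule keys on the shape of the chain rather than on any single hostname.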

Segura explained the modus operandi of this attack in detail in his post. He says: “These offers usually end up being bogus apps or surveys. The file hosted on Box is trimmed down to a minimum size and its only purpose is to download additional components.

“This is typically done to avoid initial detection, but also to allow the bad guys to update the backend code on the server so that the trojan downloader can retrieve the latest versions of each module. After the additional components are downloaded (Chrome extension, worm binary) they are installed on the machine and simply wait for the user to log into Facebook.”

However, users who click the link on a mobile device are taken to an offer page based on their geographic location and language.

Both Facebook and Box are aware of the attack and the threat posed by this worm. To address the issue, Box is eliminating sharing privileges and deleting files from malicious accounts, and is regularly performing security checks by scanning for viruses.

For its part, Facebook is collaborating with the companies that have been targeted by the attackers; the social media giant has blocked the associated links and stopped them from being spread on its platform.

An Amazon Web Services (AWS) spokesperson explained in an official statement that the “activity being reported is not currently happening on AWS.”
