Trend Micro has reported a dangerous new spam campaign that is spreading through Facebook "friend" requests.
The campaign is spreading Zbot malware, more commonly known as the Zeus Trojan, which attempts to steal confidential information from a compromised computer. The malware is also capable of downloading configuration files and updates from the Internet.
The malware spreads by sending messages to potential victims through Facebook notifications. When a user clicks the link to approve a "friend" request, it opens a page that invites him to install what is purported to be the latest version of Adobe Flash Player, but is actually an attempt to install a TSPY_ZBOT.FAZ file instead.
This spyware then adds registry entries that enable it to execute automatically at every system startup. It then attempts to steal information such as user names and passwords when targets log into certain banking or finance-related websites.
Generally the Trojan.Zbot files used to compromise computers are generated using a special toolkit that is available on the black market for online criminals. The toolkit allows an attacker a high degree of control over the functionality of the final executable that is distributed to targeted computers.
The Trojan itself is primarily distributed through spam campaigns and drive-by downloads, though given its versatility other vectors may also be utilized, such as bogus email messages purporting to be from organizations such as the FDIC, IRS, MySpace, Facebook, or Microsoft.
It is recommended that you double check Facebook "friend" request emails by logging into your account directly to verify the request is in your account queue, and always double check unsolicited links sent via email.