New Facebook Worm Variant Leverages Multiple Cloud Services

Malware

Social networks are particularly interesting for malware authors because they can be leveraged to spread an infection starting with a single person.

Patient zero can transmit the piece of malware to all of his or her contacts which in turn do the same, quickly becoming viral and affecting hundreds of thousands of people.

We came across a worm that we think belongs to the Kilim family and whose purpose is to compromise a user and spread via Facebook.

The lure is the promise of pornographic material that comes as what appears to be a video file named Videos_New.mp4_2942281629029.exe, which in reality is a malicious program.

Once infected, the victim spreads the worm to all of his contacts and groups that he belongs to, by posting the following message:

Sex photos of teen girls in school – NEW SCANDAL WHL2R http://ow.ly/{removed} Like · · Share

facebook_worm

The bad guys have built a multi-layer redirection architecture that uses the ow.ly URL shortener, Amazon Web Services and Box.com cloud storage.

Read more: Malwarebytes