Facebook users: if you have clicked the Ow.ly link (Ow.ly is a URL shortening service), your computer may have been infected by a worm.
The link is being spread by attackers through a post that promises one-of-a-kind pornographic content. The post is being shared via numerous prominent social media networks such as Twitter and Facebook, reports Malwarebytes.
The worm appears to belong to the Kilim family. After infecting the user’s computer, it posts the same link on the walls of all of the user’s contacts and groups. Kilim reaches social media networks by installing a malicious extension in the Google Chrome web browser. This malware lets attackers post new messages, such as a page, follow users on any social media network and send direct messages.
When a Facebook user clicks on the Ow.ly link that promises “sex photos of teen girls in school,” it redirects immediately to an Amazon Web Services page, and the user is then redirected to a compromised Box website. The function of this website is to inspect the user’s system. Users are then prompted to download a file, and when it is installed the system is infected immediately, which leads to the download of the worm. The worm then spreads the Ow.ly link to all of the user’s contacts on Facebook.
Segura, senior security researcher at Malwarebytes, explained the modus operandi of this attack pretty comprehensively in his post. He says: “These offers usually end up being bogus apps or surveys. The file hosted on Box is trimmed down to a minimum size and its only purpose is to download additional components.
This is typically done to avoid initial detection, but also to allow the bad guys to update the backend code on the server so that the trojan downloader can retrieve the latest versions of each module. After the additional components are downloaded (Chrome extension, worm binary) they are installed on the machine and simply wait for the user to log into Facebook.”
However, users who click the link on a mobile device are taken to an offer page based on their geographic location and language.
Both Facebook and Box are aware of the attack and the threat of this worm. To address the issue, Box is removing sharing privileges and deleting files from malicious accounts, and is regularly performing security checks by scanning for viruses.
Facebook, for its part, is collaborating with the companies that have been targeted by attackers; the social media giant has blocked the associated link and stopped the links from being spread on its platform.
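
Since the worm acts through a Chrome extension that the downloader installs, one defensive check is to audit installed extension manifests for page access to social networks combined with a missing Chrome Web Store update URL. The Python below is an added example, not code from this article or from Malwarebytes; the host list, function names and sample manifests are assumptions made for illustration, as is the premise that the extension is sideloaded.

```python
import json
from pathlib import Path

SOCIAL_HOSTS = ("facebook.com", "twitter.com")  # assumption: networks named in the article
WEBSTORE_UPDATE_URL = "https://clients2.google.com/service/update2/crx"
BROAD = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

def host_patterns(manifest):
    """Collect every match pattern that lets the extension touch web pages."""
    pats = [p for p in manifest.get("permissions", [])
            if isinstance(p, str) and (p in BROAD or "://" in p)]
    pats += manifest.get("host_permissions", [])       # Manifest V3
    for script in manifest.get("content_scripts", []):
        pats += script.get("matches", [])
    return pats

def reaches_social(pattern):
    """True if a match pattern covers one of SOCIAL_HOSTS."""
    if pattern in BROAD:
        return True
    host = pattern.split("://", 1)[-1].split("/", 1)[0].lstrip("*.")
    return any(host == h or host.endswith("." + h) for h in SOCIAL_HOSTS)

def audit(manifest):
    """Return findings for one parsed manifest.json (empty list = nothing flagged)."""
    findings = []
    hits = sorted({p for p in host_patterns(manifest) if reaches_social(p)})
    sideloaded = manifest.get("update_url") != WEBSTORE_UPDATE_URL
    if hits and sideloaded:
        findings.append("sideloaded extension can act on: " + ", ".join(hits))
    return findings

def scan_extensions(ext_dir):
    """Audit <ext_dir>/<extension id>/<version>/manifest.json for every extension."""
    report = {}
    for path in sorted(Path(ext_dir).glob("*/*/manifest.json")):
        found = audit(json.loads(path.read_text(encoding="utf-8")))
        if found:
            report[path.parent.parent.name] = found
    return report

# Constructed sample manifests, not taken from the Kilim extension.
SAMPLE_SIDELOADED = {"name": "Video Helper", "manifest_version": 2,
                     "permissions": ["tabs", "*://*.facebook.com/*"],
                     "content_scripts": [{"matches": ["https://twitter.com/*"], "js": ["c.js"]}]}
SAMPLE_STORE = {"name": "Notes", "manifest_version": 3, "permissions": ["storage"],
                "host_permissions": ["https://*.facebook.com/*"],
                "update_url": WEBSTORE_UPDATE_URL}

if __name__ == "__main__":
    print(audit(SAMPLE_SIDELOADED), audit(SAMPLE_STORE))
```

Point `scan_extensions` at the `Extensions` folder of a Chrome profile. An empty result does not clear an extension that came from the Web Store; it only means this particular combination was not found.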