Dorkbot Malware Continues To Spread On Facebook

Reports have emerged concerning a new worm infiltrating Facebook user accounts by posing as a link sent by compromised friends.

According to Security company, Sophos, the malicious worm is continuing to spread through Facebook chat.

Worm now on chat

The company said that the malware disguises itself as a link pretending to point to an image of two women, but, if clicked, it instead launched a malicious screensaver which then  ran a code to download further malware.

Now using Facebook’s chat facility, Sophos confirmed that “Malware designed to install the Dorkbot worm onto users’ computers is being spread, and, for now at least, Facebook’s built-in security systems are not preventing it.”

“It wasn’t the Facebook friend you are chatting with who sent that message, it was the Dorkbot malware instead. The link may appear – on casual observation – to point to Facebook.com, but in reality it goes to a third-party website,” said Sophos’ senior technology consultant Graham Cluley.

According to Security firm CSIS, which first detected the problem last week, the classic worm causes system infection and logs in as the specific user while it spams messages to friends and acquaintances. “The worm carries a cocktail of malware onto the machine, including a Zbot/ZeuS, variant which is a serious threat and steals sensitive information from the infected machine,” said the company in a statement.

This is not the first time social media has been used to hijack accounts and infect users with malware like  Zeus or its variants, known to focus on stealing online banking information.

Online security companies continue to warn users to be vigilant and not simply download links sent by friends. “Clearly it’s time, if you haven’t already learnt the lesson, to realise that you should always be wary of links shared by friends on social networks – after all, how can you tell it was a friend who sent it or a piece of malware on their computer?” added Cluley.

Last month, Facebook’ newsfeeds were flooded with violent and sexually explicit images as part of a spam attack which tricked users into clicking on links which took advantage of the social network’s cross-site scripting vulnerabilities.