A new worm is spreading on Facebook and instant messaging services, distributing a link that leads to a malicious file, a computer security firm warned this week.
Trend Micro said the malicious file, which contains the word “Facebook” in its name, poses as a zip file that contains an executable file.
“We recently received reports about private messages found on Facebook and distributing a link, which is a shortened URL pointing to an archive file “May09-Picture18.JPG_www.facebook.com.zip”. This archive contains a malicious file named “May09-Picture18.JPG_www.facebook.com” and uses the extension “.COM”.”- Trend Micro
Once executed, this malware (detected as WORM_STECKCT.EVL) terminates services and processes related to antivirus (AV) software, effectively disabling AV software from detection or removal of the worm. WORM_STECKCT.EVL also connects to specific websites to send and receive information.
This worm also downloads and executes another worm, one detected as WORM_EBOOM.AC is capable of monitoring an affected user’s browsing activity such as message posting, deleted posted messages and private messages sent on websites such as Facebook, Myspace, Twitter, WordPress, and Meebo.
It is also capable of spreading through the mentioned sites by posting messages containing a link to a copy of itself.
Source: Trend Micro