Alert: Two New Malware Strains Hit Facebook, AIM and Yahoo!

Need further proof that social media sites are now home base for serious malware attacks? Read this: two new malware strains have been launched, targeting Facebook, AIM and Yahoo! users, according to IT security firm PandaLabs.

Need further proof that social media sites are now home base for serious malware attacks? Read this: two new malware strains have been launched, targeting Facebook, AIM and Yahoo! users, according to IT security firm PandaLabs.

The first strain, Asprox.N, is disguised in this email to Facebook users informing them their Facebook account is being used to distribute spam and that, for security reasons, the login credentials have been changed. The email includes a fake Word document attachment, tagged with an icon and the filename Facebook_details.exe.

The file, by design, is really a Trojan that downloads another file and connects to mail service providers in an attempt to spam as many users as possible.

News of this type of targeted attack comes on the heels of our coverage of the hijacking of social networks and Web based services like Facebook, Google Chat and MSN to serve as command and control networks for malware installations.

“Once again cybercriminals are using social engineering to trick victims and infect them with malware,” said Luis Corrons, technical director of PandaLabs. “Given the increasing popularity of social media, it is no surprise that it is being exploited to lure victims.”

The second malware strain, Lolbot.Q, targets instant messaging applications such as AIM or Yahoo!, with a message displaying a malicious link that, when clicked, downloads a worm that locks users’ access to Facebook while informing them their account has been suspended.

To “reactivate” their account, users are asked to complete a questionnaire and then prompted to subscribe by entering their cell phone number, which is in turn charged a fee of $11.60 per week. Victims can restore access to their Facebook account only once they subscribe to the service and receive a new password.

PandaLabs issues the typical instructions to avoid falling victim to the fraud, reminding users to be wary of any unexpected messages with “unusually eye-catching subjects” and to, “avoid clicking on external links, running executable files or entering personal data into unknown applications or web forms.”

The latest on security threats and what you can do to protect yourself can be found on the PandaLabs blog.