WARNING: Porn Video Worm Affects Facebook, Ow.ly, Amazon Web Services, Box

By David Cohen

Using pornographic videos as bait to entice unsuspecting users into installing malware is far from a new tactic, but the latest threat being spread around Facebook affects several other services, as well.

Malwarebytes Labs reported that the worm being spread around the social network is likely part of the Kilim family, which has been used to make victims like, share and follow social media pages, eventually spreading itself to victims’ contacts, as well.

This particular worm also leverages and abuses other Web services, including Ow.ly, Amazon Web Services and Box.

Malwarebytes Labs senior security researcher Jerome Segura wrote in a blog post:

The lure is the promise of pornographic material that comes as what appears to be a video file named Videos_New.mp4_2942281629029.exe, which in reality is a malicious program.

Once infected, the victim spreads the worm to all of his or her contacts and groups that he or she belongs to, by posting the following message: “Sex photos of teen girls in school — NEW SCANDAL WHL2R http://ow.ly/{removed} Like Share.”

The bad guys have built a multilayer redirection architecture that uses the Ow.ly URL shortener, Amazon Web Services and Box cloud storage.

Mobile users are redirected toward affiliate pages for various offers.

Desktop users get a different payload, which is a link chosen randomly from a predefined array.

A rogue Chrome extension is injected, but that is not all. The malware also creates a shortcut for Chrome that actually launches a malicious application in the browser directly to the Facebook website.

Clearly, the crooks behind this Facebook worm have gone to great lengths to anonymize themselves but also to go around browser protection by creating their own booby-trapped version.

We have reported the various URLs to their respective owners, and some have already been shut down. However, we still urge caution before clicking on any link that promises free prizes or sensational items.
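The lure described in the quoted post is an executable whose name embeds a video extension (Videos_New.mp4_2942281629029.exe). The following is an added example, not code from Malwarebytes or from this article, showing how a download or mail filter could flag such names; the extension lists, function names and sample filenames other than the one quoted above are assumptions constructed for illustration.

```python
import re
from pathlib import PureWindowsPath

# Assumed, non-exhaustive list of extensions Windows runs directly.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}
# Assumed list of media/document extensions used as a decoy.
DECOY_EXTS = ("mp4", "avi", "mov", "wmv", "mkv", "jpg", "jpeg", "png", "gif", "pdf")

# A decoy extension inside the stem: ".mp4" at the end of the stem or followed
# by a non-alphanumeric separator, as in "Videos_New.mp4_2942281629029".
DECOY_RE = re.compile(r"\.(%s)(?=$|[^a-z0-9])" % "|".join(DECOY_EXTS), re.IGNORECASE)


def masquerade_reason(filename):
    """Return why a name looks like an executable posing as media, else None."""
    # Windows ignores trailing dots and spaces, so drop them before parsing.
    name = PureWindowsPath(filename.strip()).name.rstrip(". ")
    stem, dot, ext = name.rpartition(".")
    real_ext = "." + ext.lower()
    if not dot or real_ext not in EXECUTABLE_EXTS:
        return None  # the final extension is not directly executable
    decoy = DECOY_RE.search(stem)
    if decoy is None:
        return None  # ordinary executable name, nothing disguised
    return "executable %s hidden behind decoy %s" % (real_ext, decoy.group(0).lower())


def flag_names(names):
    """Return (name, reason) pairs for every suspicious name in an iterable."""
    return [(n, r) for n in names for r in [masquerade_reason(n)] if r]


# Constructed sample input; only the first name comes from the article.
SAMPLE_NAMES = [
    "Videos_New.mp4_2942281629029.exe",
    "holiday.JPG.scr ",
    r"C:\Users\a\Downloads\clip.mov.exe.",
    "setup.exe",
    "Videos_New.mp4",
    "report.mp4x_1.exe",
]

if __name__ == "__main__":
    for name, reason in flag_names(SAMPLE_NAMES):
        print("%-45r %s" % (name, reason))
```

A name match is only a triage signal; pairing it with a check of the file's actual type keeps a renamed sample from slipping through.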

Readers: Have you seen anything similar to what Malwarebytes Labs described in your News Feeds?

