Two Malware Strains Hijacking Facebook Accounts

Panda Security has discovered two malware strains that are distributed outside of Facebook but send spam to accounts on the social network.

Panda Security has discovered two malware strains that may account for recent scams involving hijacked Facebook accounts posting spam on people’s walls.

The vendor calls the first of these discoveries Asprox.N, identifying it as a Trojan transported via email. The message declares that the user’s Facebook account is distributing spam, which has prompted the social network to change the user’s login credentials.

The message includes an attachment described as a Word document that supposedly contains the new password, but the file is named Facebook_details.exe, and opening it releases a virus that initiates the real spam campaign.

Panda calls the second strain of malware Lolbot.Q, and this one travels via instant messaging applications, including those of AOL and Yahoo. Messages contain a link that, if clicked, downloads a worm that hijacks Facebook accounts. The bug tells the user the account has been suspended, saying that reinstatement depends on the account holder completing a survey.

Accompanying these questions are falsely promised prizes, and the last question requests the individual’s cell phone number, which will get charged $11.60 per week — but the scam claims that the social media account won’t get restored unless the user supplies that phone number.

Have you seen or heard about the doings of these malware campaigns on Facebook?