Zhenya Ciurana - Official Author Blog

OKi, so I wonder now how many people will be bitten by this attack.

I was switching applications on facebook from the Profile page to the SocialMe application. SocialMe (or one of the mini-profiles there) has been compromised with a virus / Trojan that pretends to be some Windows anti-virus scan to trick the user into inoculating the system with a fake remedy.

Devious, devious, devious.

Here is what happens:

• The browser's client area switches to what appears to be a Windows Explorer / Virus Scan control panel
• A fake scan "identifies" a number of Trojans and viruses
• The scanner offers to repair the problem by downloading the attack code under false pretenses
• Canceling the download will result in a dialog that won't let the browser quit
• People who don't know any better are likely to eventually OK to get rid of the annoyance and compromise their own system

The most devious part of this attack is the attention to detail that the creators put. If this code ran on a Windows XP system, with a retarded copy of Internet Explorer, users might believe this is a legitimate repair.

REBOOT YOUR COMPUTER IF YOU ARE A WINDOWS USER AND RUN INTO THIS WINDOW (SEE THE IMAGE).  YOU WON'T BE INFECTED IF YOU DON'T INSTALL THE PROGRAM THAT YOU'RE URGED TO DOWNLOAD.  RUN A LEGITIMATE ANTI-VIRUS AFTER YOUR SYSTEM IS BACK ON-LINE.

Please warn your friends on facebook and who use Windows instead of something sensible like OS X or Linux about this problem. If you're technically inclined, you may analyze the code for the HTML/JavaScript attack, and fetch the install_2018-7.exe Trojan.

Remember: friends don't let friends use Internet Explorer. Get Firefox and Safari now!  Think of the children.

Cheers!