A leading Internet security researcher has warned Facebook users about downloading a fake Flash player upgrade which is in fact a dangerous piece of malware.
The malware tricks users by appearing in their newsfeed as a link to a porn video, which looks like it has been shared by one of their Facebook friends.
If you click on the link, you will be redirected to a webpage that may look similar to a YouTube-style video sharing site. You’ll then see the first few seconds of the video before being prompted to download a Flash update in order to watch the remainder of the smutty movie.
However, you really don’t want to download the ‘Flash update’.
If you do, your computer will be infected with the malware, which will take over your Facebook account and proceed to post porn links to your Facebook page, tagging 20 of your friends each time it posts.
Tricking users with an enticing post or link in order to infect computers with malware is, of course, nothing new, but because this particular piece of malware tags friends of the victim, it has spread rapidly.
Mohammad Faghani, who first revealed the Facebook malware in a post via the Full Disclosure mailing list, said: “The trojan tags the infected user’s friends in an enticing post. Upon opening the post, the user will get a preview of a porn video which eventually stops and asks for downloading a (fake) flash player to continue the preview,”
“The fake flash player is the downloader of the actual malware. We have been monitoring this malware for the last two days where it could infect more than 110K users only in two days and it is still on the rise.”
A statement released by Facebook on the Threatpost blog read: “We use a number of automated systems to identify potentially harmful links and stop them from spreading. In this case, we’re aware of these malware varieties, which are typically hosted as browser extensions and distributed using links on social media sites,”
“We are blocking links to these scams, offering cleanup options, and pursuing additional measures to ensure that people continue to have a safe experience on Facebook.”