Emsisoft Warns: Zbot Trojan Spreads By Fake Facebook Friend Request
/EINPresswire.com/ The malware analyst team of security expert Emsisoft has detected a new wave of fake Facebook emails leading to malware contaminated websites. Users of the biggest social network worldwide should be very careful with unknown friend requests - they might get infected with the Zbot trojan.
Every Facebook user is familiar with the friend invitation via email on Facebook. The malware analyst team of security expert Emsisoft has now revealed that cyber criminals make use of this system to infect users with malicious software.
Especially fraudulent emails with the subject "Kaamil Mahmoud wants to be friends on Facebook" do not lead to the original Facebook website, but to a fake one as soon as the recipient clicks the "Confirm Friend Request" link.
The fake Facebook page shows the message "Your version of Macromedia Flash Player is too old to continue. Download and install the latest version of Adobe Flash Player". By clicking on "Download and Install", the browser will download a malware file named updateflash.exe - it contains the Zeus trojan, also known as Zbot.
Unfortunately, not executing the file does not mean the victim escapes infection, as the fake Facebook page will also load another address (like hxxp://vampirefishsd.com) in the background. An exploit script being part of the BlackHole Exploit Kit runs on this website.
Christian Mairoll, CEO at Emsisoft: "We advise people to update their operating system and all applications regularly, including security programs. Second, everybody should be careful with suspicious emails: those from Facebook always contain the name of the user and all links point to the legitimate Facebook website, of course. The safest way is to open Facebook manually in the browser and have a look at new friend invitations there."
Media Contact:
Thomas Guenther
Emsi Software GmbH
+49 180 5900 663
http://www.emsisoft.com
PR courtesy of Online PR Media: http://bit.ly/nqVap7
Every Facebook user is familiar with the friend invitation via email on Facebook. The malware analyst team of security expert Emsisoft has now revealed that cyber criminals make use of this system to infect users with malicious software.
Especially fraudulent emails with the subject "Kaamil Mahmoud wants to be friends on Facebook" do not lead to the original Facebook website, but to a fake one as soon as the recipient clicks the "Confirm Friend Request" link.
The fake Facebook page shows the message "Your version of Macromedia Flash Player is too old to continue. Download and install the latest version of Adobe Flash Player". By clicking on "Download and Install", the browser will download a malware file named updateflash.exe - it contains the Zeus trojan, also known as Zbot.
Unfortunately, not executing the file does not mean the victim escapes infection, as the fake Facebook page will also load another address (like hxxp://vampirefishsd.com) in the background. An exploit script being part of the BlackHole Exploit Kit runs on this website.
Christian Mairoll, CEO at Emsisoft: "We advise people to update their operating system and all applications regularly, including security programs. Second, everybody should be careful with suspicious emails: those from Facebook always contain the name of the user and all links point to the legitimate Facebook website, of course. The safest way is to open Facebook manually in the browser and have a look at new friend invitations there."
Media Contact:
Thomas Guenther
Emsi Software GmbH
+49 180 5900 663
http://www.emsisoft.com
PR courtesy of Online PR Media: http://bit.ly/nqVap7
Legal Disclaimer:
EIN Presswire provides this news content "as is" without warranty of any kind. We do not accept any responsibility or liability for the accuracy, content, images, videos, licenses, completeness, legality, or reliability of the information contained in this article. If you have any complaints or copyright issues related to this article, kindly contact the author above.