Monday, March 31, 2014

Facebook IM "LOL Image" is a Worm

There is a bit of malware circulating through Facebook lately. The worm spreads by contacting people through Facebook's Messenger service, pretending to be a friend. The content of the message is the phrase "LOL" with an attachment named to look like an image (IMG_####.zip). When you open the file, it is in fact a Zip archive with a single file inside - IMG_####.jar.

Jar files are Java archives, a means of packaging Java programs for easy transport. In this case, the Java program is simply a downloader - it downloads a Trojan from a particular Dropbox account, which infects the computer and swipes your Facebook login information. It then turns around and sends messages to your friends, repeating the cycle.

The moral of the story? The same as it has been for at least 15 years: don't open unexpected attachments (whether in email or instant messaging services). Pay attention to the file extension - an image is not usually bundled into a .Zip file. When in doubt, contact the sender (preferably through a different channel, such as by phone) to verify that they did in fact send you an attachment.

And if they intentionally sent you a malicious attachment? Well, now you know to have one fewer friend :-)

Thanks to MalwareBytes for bringing attention to this particular case.

Do you have something to add? A question you'd like answered? Think I'm out of my mind? Join the conversation below, reach out by email at david (at) securityforrealpeople.com, or hit me up on Twitter at @dnlongen

Whois David?

My photo

I have spent the better part of two decades in information technology and security, with roots in application developer support, system administration, and network security. My specialty is cyber threat intelligence - software vulnerabilities and patching, malware, social networking risks, etc. In particular, I strive to write about complex cyber topics in a way that can be understood by those outside the infosec industry.

Why do I do this? A common comment I get from friends and family is that complex security topics give them headaches. They want to know in simple terms how to stay safe in a connected world. Folks like me and my peers have chosen to make a profession out of hacking and defending. I've been doing this for the better part of two decades, and so have a high degree of knowledge in the field. Others have chosen different paths - paths where I would be lost. This is my effort to share my knowledge with those that are experts in something else.

When not in front of a digital screen, I spend my time raising five rambunctious teens and pre-teens - including two sets of twins. Our family enjoys archery, raising show and meat rabbits, and simply enjoying life in the Texas hill country.

For a decade I served as either Commander or a division leader for the Awana Club in Dripping Springs, Texas; while I have retired from that role I continue to have a passion for children's ministry. At the moment I teach 1st through 3rd grade Sunday School. Follow FBC Dripping Springs Kids to see what is going on in our children's ministries.