Malware That Affected Facebook Users

  • September 26, 2012

Statistics released by BitDefender in 2010 showed that 20 percent of Facebook’s users at that time were exposed to malware being distributed through malicious posts.


Even as people are more aware of malware being spread via Facebook, that number still hovers at 20 percent, according to ZoneAlarm.


Over time, Facebook has seen quite a few different strains of malware infect its user base. Below, we will take a look at some of the ones that caused the most damage.




Koobface


When you talk about Facebook malware, you have to talk about Koobface. After all, the name of the malware is an anagram of Facebook. Koobface was used to steal FTP login information and create a botnet with all of the computers that were infected by it. The main goal was to install pay-per-install malware on compromised computers and hijack search queries so that certain high-paying advertisements could be displayed. Koobface did not, as rumors suggested, delete all of your files and burn your hard drive.





Zeus


This well-known piece of malware is a Trojan horse capable of stealing banking information from infected computers using keystroke logging and form grabbing.


As many computers were infected via phishing campaigns, Facebook’s instant message system became a logical place to infect victims. Over 1.5 million users were sent messages that contained a malicious link used to spread the Zeus Trojan.


Before they were caught, the organization responsible for Zeus was able to steal about 70 million dollars.



IceX


When a user comes across IceX, he or she is met with an official-looking message from Facebook that claims:


In order to provide you with extra security, we occasionally need to ask you for additional information.
We need to verify your identity with a credit or debit card.
Please enter the information below to continue.


It also has a handy form where you can enter this information, so you can get on with playing Farmville and commenting on your friends’ pictures.


What they didn’t tell you is that this really isn’t from Facebook. It’s malware designed to steal your card information.


DNSChanger


When a cyber criminal can control your DNS server, they can control the sites you connect to on the Internet. Instead of going to Wikipedia, the New York Times or even your company’s homepage, an attacker who has control over your DNS can send you anywhere he or she likes.


This is the idea behind DNSChanger. The malware infects Windows-based machines and changes the DNS information in the registry. It does not stop at the settings on your local computer, though: it also attempts to change the settings on any devices that are acting as the DHCP server on your network.


Facebook is fighting this malware by identifying any computers that are infected and informing the owners that they will not be able to access the Internet after July 9th, 2012, if the computers are not cleaned.
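A defender can check for both changes described above by auditing the resolvers recorded in the Windows TCP/IP interface keys. The following is an added example, not code from the original post: it parses `reg query` output for the `NameServer` (static, set on the PC) and `DhcpNameServer` (handed out by the DHCP server) values and flags anything outside an allow-list. The allow-list address, the sample output and the function name `audit_dns` are assumptions made for illustration.

```python
import ipaddress
import re

# Assumption: the one resolver this network should be using (documentation address).
APPROVED_RESOLVERS = {ipaddress.ip_address("192.0.2.53")}

# Constructed sample of the text printed by:
#   reg query HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces /s
SAMPLE_REG_OUTPUT = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{00000000-0000-0000-0000-000000000001}
    DhcpNameServer    REG_SZ    192.0.2.53
    NameServer    REG_SZ

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{00000000-0000-0000-0000-000000000002}
    DhcpNameServer    REG_SZ    192.0.2.53
    NameServer    REG_SZ    203.0.113.10,203.0.113.11

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{00000000-0000-0000-0000-000000000003}
    DhcpNameServer    REG_SZ    198.51.100.7
    NameServer    REG_SZ
"""

VALUE_RE = re.compile(r"^\s+(NameServer|DhcpNameServer)\s+REG_SZ\s*(.*)$")

def audit_dns(reg_output, approved=APPROVED_RESOLVERS):
    """Return (interface, value name, resolver) for each resolver not on the allow-list."""
    findings, interface = [], None
    for line in reg_output.splitlines():
        if line.startswith("HKEY_"):
            interface = line.rsplit("\\", 1)[-1]  # last path component is the adapter GUID
            continue
        match = VALUE_RE.match(line)
        if not match:
            continue
        name, data = match.groups()
        # NameServer may be comma- or space-separated; DhcpNameServer is space-separated.
        for token in filter(None, re.split(r"[,\s]+", data.strip())):
            try:
                address = ipaddress.ip_address(token)
                resolver, allowed = str(address), address in approved
            except ValueError:
                resolver, allowed = token, False  # unparseable entry: report it
            if not allowed:
                findings.append((interface, name, resolver))
    return findings

if __name__ == "__main__":
    for interface, name, resolver in audit_dns(SAMPLE_REG_OUTPUT):
        print(f"{interface}: unexpected {name} {resolver}")
```

An unexpected `NameServer` points at a setting changed on the PC itself, while an unexpected `DhcpNameServer` points at the router or DHCP server handing out the wrong resolver.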




Not many people can live without their daily Facebook fix.


So when an email is sent warning them that:

“Because of the measures taken to provide safety to our clients, your password has been changed. You can find your new password in attached document. Thanks, Your Facebook.”


you had better believe that people opened up that document.


Of course there was no help for users to reset their passwords. That was all part of the scam to build an army of about 30 million zombie computers.
