The security scouts at Trend Micro had identified an instant messaging worm that is being passed around via social networking sites, namely Facebook. The worm is said to present as a private message that includes a link to a site that is said to contain some images but the website actually contains a zip file that unleashes some rotten malware onto your unsuspecting computer.
According to Trend Micro, the link is a shortened URL that directs people to an archive file, May09-Picture18.JPG_www.facebook.com.zip, which contains the malicious file May09-Picture18.JPG_www.facebook.com. The malware has been identified as Steckct-EVL, which is classified as a high risk for damage potential and distribution potential although it’s not listed as destructive.
Another noteworthy routine is that this worm downloads and executes another worm, one detected as WORM_EBOOM.AC. Based on our analysis, WORM_EBOOM.AC is capable of monitoring an affected user’s browsing activity such as message posting, deleted posted messages and private messages sent on the following websites such as Facebook, Myspace, Twitter, WordPress, and Meebo. It is also capable of spreading through the mentioned sites by posting messages containing a link to a copy of itself.
As much of a pain as this is for Facebook users, when a network like this has nearly 1 billion users, it’s too rich of a breeding ground for these types of nasty malware incidents. Earlier this year, Facebook identified the five hackers who were behind the Koobface worm that is said to have netted the “web gang” millions of dollars.
Fortunately, if you think your PC has contracted the Steckct-EVL worm, Trend Micro provides the necessary steps for removing the insidious bastard.