According watchlist Vaksincom, Facebot virus has IRCbot.CMBJ official name is actually a virus that spread itself through IRC and messenger, but morphed spread themselves via Facebook Chat, and because the number of Facebook users are far more common than the IRC and messenger and a lot of the layman and not have a good security habits as currently protected by Facebook administrators of malicious app threat then so many casualties because the virus does not infect computers using apps but the victim and make it as a means of virus spread through the FB Chat.
According watchlist Vaksincom, during the week of 8-9 September 2012 recorded Facebot changed at least twice a virus changes the hosting site. If the initial variant virus files included www.sendspace.com file sharing sites, then change the next variant of the virus file storage location to www.ipic-uk.com, magnetic photo frame vendor sites which provide facility to upload photos. Not satisfied www.ipic-uk.com exploit to spread itself, then Facebot again exploit site adult magazines Spain www.devora ** n.com and put the file the virus at the site. Besides changing the location "hosting" the virus file, Facebot also smart enough to use a random name and file size are different so it is difficult to be blocked by file name, hash md5 or file size. Currently, the only effective way is to rely on antivirus protection you have (specifically Windows OS users) if you are indeed the "itch" and recklessly clicking the file was uploaded your Facebook contacts. But actually, if the receiver does not run the file sent by Facebot file, the virus will not be able to carry out the action and halt its spread.
Successful use Devora ** n
Spread Facebot use sendspace and IPIC-uk.com recorded recorded casualties were quite high, but from the data collected by Vaksincom, the spread of the virus through Devora ** n achieve a very high level and evenly. Both in European countries especially Spain, America,, Middle East, India, China, Indonesia and Vietnam to spread itself smapai very active when the article inidibuat. (See figure 1)
Successful use Devora ** n
Spread Facebot use sendspace and IPIC-uk.com recorded recorded casualties were quite high, but from the data collected by Vaksincom, the spread of the virus through Devora ** n achieve a very high level and evenly. Both in European countries especially Spain, America,, Middle East, India, China, Indonesia and Vietnam to spread itself smapai very active when the article inidibuat. (See figure 1)
Figure 1, Facebot utilizing adult sites Spain Devora ** n to spread itself.
Challenging Facebook
Not a Facebook name that is not to intervene to help users. According watchlist Vaksincom, Facebook administrators working hard to block the file names are spread by Facebot every time there are reports of users of Facebook. (See figure 2)
Figure 2, Facebook is proactively trying to help block the spread of the virus link.
If this virus apps in action on Facebook, we already know the ending, victory will be in the hands of administrators Facebook for apps that spread the virus will live on Boom Shakalaka (aka the delete / disabled by the administrator Facebook). But this time a different story, not the source of virus infection on Facebook apps on the computer but there are in fact beyond the reach victim adminstrator Facebook. So every time a link is blocked by Facebook, then in a short time will come another random link clicked by the victim. (See figure 3)
Figure 3, every time a link is blocked by Facebook, the virus is making a new link
Required by this virus only proper social engineering that victims who receive this link will say "Wow ... Fantastic Baby "and click on the link provided. Apparently this trick has been successfully executed using the site Devora ** n as the host of this file. For fans of adult content, likely to be interested if you get any file from adult sites such as Playboy, Penthouse and Devora ** n. But unfortunately not Wow, Fantastic Baby obtained by the victim runs the file that was sent but that he would get the "Bad Boy and Bad Girl" on his computer because once implemented it will infect the victim computer, delete himself so hard in the detection and began to spread itself through FB Chat to all your Facebook contacts via Facebook Chat.
Further analysis and details about this virus will continue to do. Vaksincom remind you to use antivirus program that can detect the virus and NEVER accept and execute any file you receive, even if it is sent by a friend, girlfriend or whoever, whether bad boy or bad girl. If you need help customers Vaksincom and confront this virus, please contact info@vaksin.com for protection or onsite support for corporate customers Vaksincom.
For those of you who want to know more about it and download the virus removal Facebot, please see the article's first Facebot http://www.vaksin.com/2012/0912/facebot/facebot.html
Source : http://vaksin.com/, September 10, 2012.
Tidak ada komentar:
Posting Komentar