Malicious programs (malware) "drunk girl" has been circulating on Facebook since the beginning of last December 2014. This malware shaped trapping video with image preview video showing a woman in a drunken with vulgar poses.
Falsifying youtube
If the victim clicks on the Facebook wall posts Girls Drunk and happen to use the Google Chrome browser, it will then be redirected to a phishing site http://atasberita.info/gadis (according to watchlist Vaksincom, at the time of this article the manufacture of this site is no longer active). The phishing site will provide tmapilan are very similar to Youtube , but if pengaksesnya carefully and look at the website address then it is obvious that the site is accessible not YouTube but atasberita.info/gadis.
Do not forget the video look quite tempting because the vulgar given a message you need to have the plugin installed to watch this video. Click here to install the plugin.
According to the observations of network security company, Vaksincom, this malware seen already circulating on social media sites such since last December 3, 2014. Until now, Vaksincom suspect there are already more than 2,000 infected user account malicious programs.
One key to the success of this malware, according to Alfons Tanujaya, Vaksincom analyst, is the cleverness to avoid using a Facebook app that security teams are powerless to act malware removal. The cyber criminals, according to Alfons observations, using a technique that utilizes the Google Chrome extension.
Drunk girls in addition to post on your account will conduct a tag on your Facebook contacts repeatedly
If the victim to click on a video or message the plugin, it will appear confirming the installation of Google Chrome Extension (for the record instead of a plugin / codec but a Google Chrome Extension) with name Top News.
Top Extension News-installed if the user wants to see the videos Drunk Girl
In order for an unsuspecting victim installs malicious extension, after successfully installs Chrome Extension, this malware authors cleverly displays You Tube video Ԅrunk Girls Video Compilation 2013Ԡbagi victims of Youtube
Youtube videos displayed after installation evil Chrome Extension
If the victim had seen the video, most likely thought that the video was promised and the unsuspecting. Whereas in the computer has been lodged malware (in the form of Google Chtomer Extension) which will routinely conduct regular post Drunk girl from his Facebook account and in addition he will also perform tag on friends Facebook account concerned. Malware disguised as the extension will create a Facebook account victims do auto-posting malware "drunk girl" on the Facebook wall .
For the record, YouTube videos are shown actually does not require a plugin or Chrome Extension and by visiting the site directly Youtube videos will be seen.
Drunk Girl expel Malware from Your Computer
After reading the above article, you must already know that the culprit of all this is a Chrome Extension evil and to prevent automated posts the only way is to remove this Chrome Extension. Changing passwords Facebook or delete suspicious apps on Facebook will have no effect because the cause is not two things.
If already be a victim, Vaksincom advised to perform these steps to remove Chrome Extension evil:
- Go to the Google Chrome browser.
- Access Chrome Extension by typing: chrome: // extensions.
- Search Top News Extensions by name or other extensions are suspicious. Currently, in addition to other extensions Top News obtained by Malware Laboratory Vaksincom use IDM Integration Module name. If you see the name of the first laind extension beyond the name, Vaksincom would be grateful if you helped inform the Security Clinic Vaksincom https://www.facebook.com/groups/880787835284533/ to help other Facebook users in Indonesia who are victims of this malware.
- Click the image on the right bins and click the Delete button on the box Confirm Deletion to delete this malicious extension.
- Shut down and restart your Google Chrome. In order to maintain the possibility of unwanted, Vaksincom recommend you change your password and activate your Facebook account TFA Two Factor Authentication on all your important Kaun as primary email account, Facebook and Google in order to prevent theft and misuse of your account.
- After running the above steps, Vaksincom suggested for victims to immediately change the password Facebook account.
Composer: John Gitoyo, S Pd.
Source:
- http://vaksin.com/
- http://tekno.kompas.com/