Facebook chat messages containing malicious links are being sent from compromised Facebook accounts. The messages are typically sent to all of the compromised user’s friends.
The distribution of the malware includes the following steps
- Legitimate website is hacked
- A new folder is created on the hacked site including malware (an executable file)
- Phony Facebook application pages are created which automatically link to the hacked site
- Compromised Facebook accounts are used to spread chat messages linking to the phony Facebook applications and subsequently to the download of the EXE file.
The Facebook chat messages include text such as “hahahah foto” and the phony Facebook application pages are also photo-related such as “cytepic” and “artephotos”.
Facebook have been quick to remove the phony Facebook application sites. In addition the compromised site removed the malware posted on their site. The hacker’s page on the compromised site is still in place though.