Feeds

Trojan pokes Facebook for zombie commands

Anti-social networking

The Power of One eBook: Top reasons to choose HP BladeSystem

Crimeware distributors have begun using Facebook as a command and control channel for a Trojan that turns compromised Windows PCs into zombie drones.

Zombie clients poll the Notes section of the mobile version of Facebook for instructions. Compromised clients might be instructed to download further code from a specified web site or told to wait for commands, for example.

The Trojan spreads via booby-trapped email attachments that take advantage of well-known PDF or Office flaws to infect unpatched systems. These messages pose as email from courier firms and the like.

This has become a very common strategy for targeted attacks, which have replaced mass mailing worms as the main malware danger to business. What distinguishes this Trojan from run of the mill malware is its (experimental) use of Facebook to receive commands instead of traditional botnet control channels such as Internet Relay Chat (IRC). Most of the heavy lifting - such as uploading stolen data - is still done through a web server, however, Symantec researcher Andrea Lelli explains.

"The Trojan is using a Facebook account to receive URLs to contact, and it may post some timedate stamps back to the account, but nothing more than that," Lelli writes. "The real command and data processing is done through the remote URL that was received from the notes, and this URL may point anywhere."

"It [the Trojan] simply uses the standard Facebook functionalities, which in no way are malicious, dangerous or faulty. This particular Trojan is quite limited and seems to be a targeted attack, but it can be considered a precursor of a botnet using a social network as a C&C [command and control] server."

Symantec found the mobile Facebook account associated with the Trojan, established 16 October, showed very little signs of activity. Either hackers have deleted handshakes from compromised boxes that ought to have been exchanged or else the malware is yet to infect anything.

Virus writers have begun experimenting with varied means of controlling botnet clients over recent months. In August, for example, security researchers at Arbor Networks discovered a botnet that used Twitter to relay commands to compromised hosts. ®

Designing a Defense for Mobile Applications

More from The Register

next story
Mozilla fixes CRITICAL security holes in Firefox, urges v31 upgrade
Misc memory hazards 'could be exploited' - and guess what, one's a Javascript vuln
How long is too long to wait for a security fix?
Synology finally patches OpenSSL bugs in Trevor's NAS
Don't look, Snowden: Security biz chases Tails with zero-day flaws alert
Exodus vows not to sell secrets of whistleblower's favorite OS
Roll out the welcome mat to hackers and crackers
Security chap pens guide to bug bounty programs that won't fail like Yahoo!'s
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
Researcher sat on critical IE bugs for THREE YEARS
VUPEN waited for Pwn2Own cash while IE's sandbox leaked
Four fake Google haxbots hit YOUR WEBSITE every day
Goog the perfect ruse to slip into SEO orfice
prev story

Whitepapers

Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Seven Steps to Software Security
Seven practical steps you can begin to take today to secure your applications and prevent the damages a successful cyber-attack can cause.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.