Feeds

Trojan pokes Facebook for zombie commands

Anti-social networking

Choosing a cloud hosting partner with confidence

Crimeware distributors have begun using Facebook as a command and control channel for a Trojan that turns compromised Windows PCs into zombie drones.

Zombie clients poll the Notes section of the mobile version of Facebook for instructions. Compromised clients might be instructed to download further code from a specified web site or told to wait for commands, for example.

The Trojan spreads via booby-trapped email attachments that take advantage of well-known PDF or Office flaws to infect unpatched systems. These messages pose as email from courier firms and the like.

This has become a very common strategy for targeted attacks, which have replaced mass mailing worms as the main malware danger to business. What distinguishes this Trojan from run of the mill malware is its (experimental) use of Facebook to receive commands instead of traditional botnet control channels such as Internet Relay Chat (IRC). Most of the heavy lifting - such as uploading stolen data - is still done through a web server, however, Symantec researcher Andrea Lelli explains.

"The Trojan is using a Facebook account to receive URLs to contact, and it may post some timedate stamps back to the account, but nothing more than that," Lelli writes. "The real command and data processing is done through the remote URL that was received from the notes, and this URL may point anywhere."

"It [the Trojan] simply uses the standard Facebook functionalities, which in no way are malicious, dangerous or faulty. This particular Trojan is quite limited and seems to be a targeted attack, but it can be considered a precursor of a botnet using a social network as a C&C [command and control] server."

Symantec found the mobile Facebook account associated with the Trojan, established 16 October, showed very little signs of activity. Either hackers have deleted handshakes from compromised boxes that ought to have been exchanged or else the malware is yet to infect anything.

Virus writers have begun experimenting with varied means of controlling botnet clients over recent months. In August, for example, security researchers at Arbor Networks discovered a botnet that used Twitter to relay commands to compromised hosts. ®

Beginner's guide to SSL certificates

More from The Register

next story
NASTY SSL 3.0 vuln to be revealed soon – sources (Update: It's POODLE)
So nasty no one's even whispering until patch is out
Russian hackers exploit 'Sandworm' bug 'to spy on NATO, EU PCs'
Fix imminent from Microsoft for Vista, Server 2008, other stuff
US government fines Intel's Wind River over crypto exports
New emphasis on encryption as a weapon?
To Russia With Love: Snowden's pole-dancer girlfriend is living with him in Moscow
While the NSA is tapping your PC, he's tapping ... nevermind
Forget passwords, let's use SELFIES, says Obama's cyber tsar
Michael Daniel wants to kill passwords dead
Slap for SnapChat web app in SNAP mishap: '200,000' snaps sapped
This is what happens if you hand your username and password to a 3rd-party
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Win a year’s supply of chocolate
There is no techie angle to this competition so we're not going to pretend there is, but everyone loves chocolate so who cares.
Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.