Social networks are not only a place for fun, chat and connecting with your friends; they are also a place where cyber-crime flourishes. Just a short time ago, a dangerous new variant of a trojan detected by ESET as Win32/Delf.QCZ started to spread via Facebook. The malware has the capability to deactivate AV protection that is not up-to-date. A trojan horse is a type of malware that pretends to be a useful program but is in fact malicious software with harmful aims. ESET security solutions effectively detect and remove this type of malware.
The Win32/Delf.QCZ trojan is especially deceitful as it uses Facebook chat to spread. The message in question starts with “Hi how are you” and is purportedly sent by someone on the user’s friend list, but in fact it comes from a bot that communicates directly and even refers to the user by name in the conversation. Additionally, it carries a malicious video link that also mentions the user by name. The user is then prompted to install a Flash player, which serves to download the malware.
According to ESET ThreatSense.Net statistics, the Win32/Delf.QCZ trojan currently has its highest infection ratio in countries of Central and Eastern Europe such as Ukraine, Russia, Belarus, Slovakia, Czech Republic and Serbia/Montenegro, and is spreading fast to the Middle East. The malware’s share in Israel ranks it in the top 8, and in the Asia-Pacific region Thailand and Malaysia are already becoming affected.
Spreading of Win32/Delf.QCZ Facebook trojan across the world
“So how can one protect oneself against this dangerous trojan? First of all, communication with it on Facebook chat is out of the question as it is a computer bot. For non-English language countries, one tell-tale sign might be already that a friend is communicating in English. Second, the video link imitating YouTube looks suspicious as well,” says ESET Malware Researcher Robert Lipovsky. Antivirus software remains important in this case: if the user does click the link, it protects the PC against whatever would otherwise follow once the infection gets through. The trojan can misuse its host for criminal activities and spread various other malware.
Relying on social engineering, malware developers are turning to social networks to spread malicious code. One recent example, the trojan called Koobface, is an especially vicious form of infiltration. Its name is taken from the most popular social network. The trojan’s main aim initially was to get “noticed” by using attractive messages shown on the social networks. The malware then created a botnet, a network of zombie PCs that can be remotely controlled by the attacker.
This is why ESET recommends several security tips when on social networks:
- Always use updated and high-quality antivirus and security software.
- Use caution whenever the conversation looks suspicious: for example, when a friend writes to you in English although you normally chat in your native language.
- Refrain from clicking on suspicious links.
- Adjust security and privacy settings on social networks and add as friends only people that you know from real life.
- Many third-party applications might be the work of cyber-criminals and fall into the unwanted spam category. You do not want to share your private details with these entities.