BACKDOOR DISTRIBUTED AS FACEBOOK MESSENGER APPLICATION

New rouge emails posing as official facebook communication service lead users to a 3rd party website which is distributing a backdoor as Facebook Messenger Application. This rouge email bear a subject as "someuser listed you as his uncle" and make use of real theme to look like  real facebook notifications. In the body of message, it informs for a pending action including a friendship request. It's link is of www.facebook.com but it actually points to some 3rd party website.That new page has an advertisement of a program facebook Messenger which is claimed to be an app for quick access to messages from your Facebook account.
The website contain an an executable called FacebookMessengerSetup.exe for download. According to researchers from Trend Micro, the file is an installer for BKDR_QUEJOB.EVL, a backdoor that opens a connection on TCP Port 1098 and listens for commands.
The backdoor allows attackers to update the malicious file, download and run other malware applications, and launch certain processes. Information about the infected system, such as installed antivirus products and OS version, is gathered and sent to an SMTP server.
we have seend so many password changing and phishing scamsin the faceboook. It's a new type of attack on facebook users. Be sure not to install any this type  of plugins or software which is suspicious in any ways. 

Example of a rogue msg i got from an FB user

Another rogue unwanted msg send by an app called "TheChatPhone"

Posted in: Articles, FACEBOOK