Facebook still holds the throne as king of social networking. Just look at its user base, which continues to grow relentlessly. Facebook mania has also spread to Indonesia, which currently occupies the runner-up position in terms of number of users.
However, Facebook's growing popularity also attracts the makers of malicious programs. Cyber criminals attack in various ways, ranging from scams that take advantage of applications and offers of pornographic or sensational videos to abuse of the chat service.
The last of these has lately become an increasingly prevalent way to deceive victims. If you are familiar with worm variants that spread via chat services such as IM (Messenger) or Skype, you should be wary, because Vaksincom has received reports of attacks by a worm/rootkit that spreads through chat messages on Facebook.
"Since mid-August, many computer users have been infected by this worm/rootkit, and its variants are detected as W32/Kolab.xx (Trojan.Click1.xxxx)," explained Adi Saputra, an analyst at security company Vaksincom, to ITGazine on Friday (09/09/2011).
Dozens of variants have been detected since August, and in early September almost all leading antivirus products could not detect one of them.
Impact of Infection
Adi explained that an intended victim generally receives a chat message on Facebook from one of their friends. The chat message contains a specific link.
"Remarkably, the Facebook account infected by the virus does not change at all. There is not even a pop-up showing that FB Chat is open. All this virus requires is a Facebook account that is logged in," he said.
Most likely this is so that victims do not realize their computer has been infected by Kolab/Click1 and is sending many Facebook Chat messages to friends, urging them to download the virus.
If you click the link in the chat message, a file is automatically downloaded to the computer. If you then run the file, your computer will definitely be infected.
Difficult to eradicate
Kolab/Click1 has no process or service of its own running on Windows, which makes the worm/rootkit difficult to find and disable. Instead, the worm rides on the svchost.exe file that belongs to Windows, so it is hard to kill.
"If you forcibly shut down the svchost.exe file, the computer will blue screen. The same happens if you try to scan using certain tools such as GMER, a tool used to detect rootkits," said Adi.
He added that, although it has no process or service of its own running on Windows, Kolab/Click1 uses the Windows svchost.exe file to broadcast to specific IP addresses.
"To be able to run freely without barriers, Kolab/Click1 registers the program in Windows Firewall, so that it is able to connect and broadcast," Adi insisted.