In association with heise online

19 January 2012, 13:08

Bot blackmails Facebook users

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Zoom Users who contract Carberp may get a nasty surprise when trying to access Facebook
Source: Trusteer
Security specialists at Trusteer have discovered a variant of the Carberp trojan that pretends to suspend a user's Facebook account. The malware hooks into the victim's browser and intercepts requests that are sent to Facebook's servers.

When a user tries to access the social network, the malware displays a message saying that the account has been temporarily suspended, and that a payment of €20 is required to verify the user's personal data. Payment is to be made via Ukash – an anonymous payment system that doesn't allow recipients to be traced.

Carberp's behaviour is similar to that of the now widespread variants of the BKA trojan, which lock down victims' computers and claim that they will only be unlocked once a payment has been made. This type of malware is referred to as ransomware; in most cases, paying the ransom has little or no effect.

Carberp is a trojan toolkit that criminals have primarily used to compromise online banking facilities. It spreads using methods such as compromised PDF and Office files, and contains remote control functions that allow it to accept and execute arbitrary commands from the botnet operators.


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit