Trojan on Facebook?


Post by Dwere13 on Tue Sep 23, 2008 8:15 pm

So, I was invited to join a group on facebook - worry not, I never actually join those groups - which was advertising a file download to enable boycotting the "new" facebook. Saw the file was a .exe and what not. I suspected it was a virus immediately. Asked my mate online, and he checked it out, said that he figures it's a trojan.
Chat log:
Gary: yeah, that's DEFINITELY a trojan of some kind
it installs itself as C:\WINDOWS\system32\services.exe
using a name that looks like a system file = trojan

Anyway, anyone have any input as to how effective that would have been? Was? Is? And how to possibly alleviate some of the effects it had on the people who joined and downloaded? PS: The file is listed in the news, or in the group description.

Link here: http://www.new.facebook.com/s.php?ref=s ... 6522987210


Re: Trojan on Facebook?

Post by Zelth on Tue Sep 23, 2008 9:08 pm

Thanks for posting this. I warned my friends about it. I even wrote a Note on Facebook saying not to install that or join that group. :D
Z~Epsilon
Newbie Programmer
Learned: HTML, XHTML, CSS
Learning: PHP, C++


Re: Trojan on Facebook?

Post by Dwere13 on Tue Sep 23, 2008 9:33 pm

There's a clone group, with twice the number of members. Its original intent was a loophole BACK to the old facebook, but it was the same creator, and I believe the loophole consisted of a DIFFERENT virus, though I've no PROOF of that.
Anyway, the group was edited by the creator to include the trojan in the description as well.

But yeah, I figured I'd avoid posting anything publicly on facebook so as to avoid being targeted by the creator, should he be a WORTHY opponent, but here is not facebook, so I'm not as worried. I figure this is the safest place to post, in a place full of active apparent "white hatters", though as many people have mentioned, *hatter is not an appropriate categorization of hackers, but you all know what I mean.


Re: Trojan on Facebook?

Post by dontfuckwithme1 on Wed Sep 24, 2008 1:49 am

:? :?
Last edited by dontfuckwithme1 on Wed Sep 24, 2008 3:35 am, edited 1 time in total.


Re: Trojan on Facebook?

Post by Nines on Wed Sep 24, 2008 3:27 am

services.exe is a Windows system file! :shock:


Re: Trojan on Facebook?

Post by dontfuckwithme1 on Wed Sep 24, 2008 3:34 am

lol ><
well I'm completely computer dumb, hence trying to start learning something,
plus being paranoid due to the fact my own computer is being hacked into doesn't help


Re: Trojan on Facebook?

Post by Dwere13 on Wed Sep 24, 2008 9:21 am

Nines9 wrote: services.exe is a Windows system file! :shock:

I'm not positive if he's right, though I expect he is, he surpasses me quite a bit as far as computers go, and as I showed in the chat log, he says that anything installing itself with a name that looks like a service file = Trojan. So, yeh. Not a good situation. Let's just hope facebook staff take action soon enough.
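The point raised in the exchange above, that services.exe is also the name of a real Windows system file, means the name alone cannot settle whether a file is malicious. The sketch below is an added example, not part of the original thread or any poster's code: it classifies file records by name, directory and signer, and also catches one-character lookalike names. The baseline table, the signer string and the sample records are assumptions constructed for illustration.

```python
import ntpath

# Assumed baseline: system binary names and the one directory each belongs in.
SYSTEM_BINARIES = {
    "services.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}
TRUSTED_SIGNER = "Microsoft Windows"  # assumed signer string from an inventory tool


def edit_distance(a, b):
    """Levenshtein distance, used to catch one-character lookalike names."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(path, signer):
    """Return (verdict, reason) for one file record."""
    folder, name = ntpath.split(path.lower())
    if name in SYSTEM_BINARIES:
        if folder != SYSTEM_BINARIES[name]:
            return "suspicious", "system name outside its expected directory"
        if signer != TRUSTED_SIGNER:
            return "suspicious", "system name and path but unexpected signer"
        return "ok", "name, path and signer all match the baseline"
    for known in SYSTEM_BINARIES:
        if edit_distance(name, known) == 1:
            return "suspicious", f"lookalike of {known}"
    return "unknown", "not a baseline name; judge on other evidence"


# Constructed sample records (path, signer); not taken from the thread's file.
SAMPLE = [
    (r"C:\WINDOWS\system32\services.exe", "Microsoft Windows"),
    (r"C:\WINDOWS\system32\services.exe", None),
    (r"C:\Documents and Settings\user\services.exe", None),
    (r"C:\WINDOWS\system32\servlces.exe", None),
    (r"C:\Program Files\Toolbar\setup2.exe", None),
]

if __name__ == "__main__":
    for path, signer in SAMPLE:
        print(path, "->", classify(path, signer))
```
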


Re: Trojan on Facebook?

Post by myhexhax on Wed Sep 24, 2008 9:48 am

Can anyone download this and send it to me? (Don't run it! Unless within the context of a virtual machine or a network-isolated box) I wanna open it :] lol

(I don't have a facebook account, and I really don't have any intentions of setting one up right now..)
gniripsni ewa si rehte eht morf cisum siht


Re: Trojan on Facebook?

Post by myhexhax on Wed Sep 24, 2008 9:27 pm

Well, I installed "Old Facebook Setup" (affectionately referred to as 'setup2.exe') and I got a lovely IE toolbar installed too. It attempted to launch Firefox twice after setup, and then finally opted for IE, showing me this page of all the nice things this toolbar does.

The "Old Facebook" button redirects you to: http://www.facebook.com/?fbnew_opt_out=1
Using the search bar employs the site: search.conduit.com

(don't mind the other toolbars.. this is my ad/spyware computer lol)

Unless you like adware, don't install it ^^ I never heard of the Oldface toolbar before... apparently it's new x]

Hope this helps, lol.

(I may do further analysis, but it seems fairly uninteresting, and I didn't install it from a clean environment, so I won't be able to know what ads are coming from where)
----------
Upon further inspection, it sort of looks like a bastardized version of the Google Toolbar, only that you can install weird widgets, most of which seem to be pictures that don't actually do anything (this one is a game, and doesn't seem to be functioning too well..)

Actually after visiting http://www.ourtoolbar.com/ , it's revealed that Conduit is a free customizable toolbar that you can make your own version of... no idea why, but I would bet ad-supported..
gniripsni ewa si rehte eht morf cisum siht


