Facebook Malware Attack

We're receiving reports that Facebook is being used as a new vector for malware attacks, specifically as a means of distributing the Locky ransomware. The ransomware is not hosted directly on Facebook; this version is delivered in an unusual way.

The attack starts with a presumably infected machine sending a message to the people on its owner's friends list. The message carries an SVG (Scalable Vector Graphics) file disguised as an image that you are invited to download and view. Once the file has been downloaded and opened, the payload is delivered. Because of the way SVG files work, JavaScript can be embedded in them, and the file is opened by a modern web browser. That JavaScript then executes and redirects the user to a website that mimics YouTube, but on a completely different URL. Once on that site, a popup asks the user to install a browser extension in order to view the video. After the extension has been installed, the attackers can view and alter data on the websites you visit, and can use your Facebook account to message all of your friends with the same SVG file. The payload itself is delivered through the Nemucod downloader Trojan, which has been known to download copies of Locky onto victims' PCs.

While Google and Facebook have been made aware of this attack, proper remediation could take time. The best course of action if you receive such a message is to ignore it, clear your conversation history with that person, and report them to Facebook as having a compromised account. If you have already been infected by this attack, there is not much you can do beyond removing the offending extension in Chrome: go to Menu > More Tools > Extensions and check whether an extension named Ubo or One is listed. This is also a good time to remove any other unknown extensions that are installed.
Remember, once you have been locked out of your system by a piece of ransomware, your options for recovery are only as good as the backups you have made. Keep your backups up to date, and save your data to an external drive as frequently as possible. Once a ransomware infection has taken place, any drive attached to your machine or reachable over your network is at risk. Never keep your backup drives attached to your machine when they are not in use.
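The post describes why an SVG "image" is dangerous: it is XML, it may carry a script element or event-handler attributes, and the browser will run that script when the file is opened. The script below is an added example of how a mail or chat gateway could triage SVG attachments for those traits before a user opens them. It is not SUPERAntiSpyware code, it has not been run against the real Facebook sample, and the two SVG strings it checks are constructed for the example (the redirect target video-player.example.invalid is a placeholder). It goes slightly beyond the post by also flagging javascript: links, foreignObject/iframe wrappers, and internal DTD subsets, which are other ways an SVG can do more than draw a picture.

```python
"""Static triage of SVG files for embedded script (added example, not SUPERAntiSpyware code)."""
import re
import sys
import xml.etree.ElementTree as ET
from dataclasses import dataclass, field

# Attribute names such as onload/onclick are script event handlers in SVG.
EVENT_ATTR = re.compile(r"^on[a-z]+$", re.IGNORECASE)
# URI schemes that execute or smuggle code instead of fetching a resource.
SCRIPT_URI = re.compile(r"^\s*(javascript|vbscript|data)\s*:", re.IGNORECASE)
# Script bodies that navigate the browser elsewhere (the fake-YouTube redirect).
REDIRECT_JS = re.compile(
    r"(window|document|top|self)\.location|location\.(href|replace|assign)",
    re.IGNORECASE,
)
# Elements a plain picture never needs.
ACTIVE_ELEMENTS = {"script", "foreignobject", "iframe", "embed", "object"}
# An internal DTD subset can declare entities, which enables expansion attacks on the parser.
INTERNAL_DTD = re.compile(rb"<!DOCTYPE[^>]*\[", re.IGNORECASE)


@dataclass
class ScanResult:
    findings: list[str] = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        return bool(self.findings)


def _local(name: str) -> str:
    """Strip an XML namespace prefix such as '{http://www.w3.org/1999/xlink}'."""
    return name.rsplit("}", 1)[-1].lower()


def scan_svg(data: bytes, max_bytes: int = 5_000_000) -> ScanResult:
    """Return the reasons an SVG should not be treated as a harmless image."""
    result = ScanResult()
    if len(data) > max_bytes:
        result.findings.append("oversized")
        return result  # do not hand huge input to the XML parser
    if INTERNAL_DTD.search(data):
        result.findings.append("internal-dtd")
        return result  # refuse before parsing rather than risk entity expansion
    try:
        root = ET.fromstring(data)
    except ET.ParseError as exc:
        result.findings.append(f"xml-parse-error: {exc}")
        return result

    for el in root.iter():
        tag = _local(el.tag)
        if tag in ACTIVE_ELEMENTS:
            result.findings.append(f"active-element:{tag}")
        if tag == "script" and el.text and REDIRECT_JS.search(el.text):
            result.findings.append("redirect-in-script")
        for attr, value in el.attrib.items():
            aname = _local(attr)
            if EVENT_ATTR.match(aname):
                result.findings.append(f"event-handler:{aname}")
            if aname == "href" and SCRIPT_URI.match(value):
                result.findings.append(f"script-uri:{tag}")
    return result


# Constructed samples (not the real Facebook file): a benign icon, and an
# "image" whose embedded script sends the browser to a look-alike video site.
BENIGN_SVG = b"""<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 10 10">
  <circle cx="5" cy="5" r="4" fill="red"/>
</svg>"""

MALICIOUS_SVG = b"""<?xml version="1.0" encoding="UTF-8"?>
<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"
     width="320" height="240" onload="init()">
  <image xlink:href="thumbnail.png" width="320" height="240"/>
  <script type="text/javascript"><![CDATA[
    function init() {
      window.location = "http://video-player.example.invalid/watch";
    }
  ]]></script>
</svg>"""

if __name__ == "__main__":
    if len(sys.argv) == 1:
        for name, blob in (("benign", BENIGN_SVG), ("malicious", MALICIOUS_SVG)):
            print(name, scan_svg(blob).findings)
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            print(path, scan_svg(fh.read()).findings)
```

Run it with no arguments to see the two constructed samples classified, or pass file paths to check real attachments. The check is deliberately conservative: any of these traits in a file that is supposed to be a photo is reason enough to block it, even though benign SVGs with onload handlers do exist.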