A Danish security company has discovered a Facebook worm that can lead to the installation of malware capable of stealing online banking passwords.
The worm sends a picture of two good-looking blond women to friends and acquaintances of a hijacked Facebook account. The picture carries a link offering a screensaver. Clicking on the link installs malware on the victim's computer, security company CSIS reported Tuesday.
"The worm carries a cocktail of malware onto the machine, including a Zbot/Zeus variant which is a serious threat and steals sensitive information from the infected machine," Peter Kruse, CSIS partner and security specialist, said on the company's site.
A worm is a self-replicating program that sends copies of itself across a network. The Zeus Trojan installed by the Facebook worm logs keystrokes and steals information entered into forms to gather banking information, such as user names and passwords. The Trojan was first discovered in July 2007.
Security vendor Sophos said that code installed in the latest Facebook worm attempts to download malware hosted on a compromised Israeli web site. The site no longer appeared to contain malware, so it is likely additional web sites are being used to spread the Trojan, the company said.
The Zeus Trojan is well known, so people with up-to-date anti-virus software are likely protected.
Facebook wages a continuous battle against cyber-criminals looking to steal personal information from the site's 800 million users worldwide. Late last month, the social network started testing security features to boost password protection for third-party applications and to make it easier for users to reactivate accounts that the site took down after they were hijacked by hackers.