Freelance Word Punk


Wednesday, March 18, 2015

Dirty Facebook worm cuts itself in half to evade detection

Malware being distributed through Facebook is nothing new, nor are shortened URLs for obfuscation, in-the-cloud servers for anonymity or porn as a lure. However, the latest Kilim-family variant, which hit Facebook last week, uses all of them, and with a twist: this worm keeps cutting itself in half to evade detection. Jerome Segura, security researcher at Malwarebytes, spotted the worm using Facebook with a lure of what appeared to be a link to a pornographic video which, unsurprisingly, actually links to a malicious executable instead. If clicked, this kicks off the social media infection process by leveraging that user's contacts, who see a message posted by the victim promising some very dubious pornographic photos. This is where the link-chopping starts, with the URL being obfuscated through the ow.ly URL shortening service. That in itself is not newsworthy; the multi-layer redirection architecture, which uses ow.ly in conjunction with multiple cloud platforms (Amazon Web Services and Box.com), is.





Co-founder of IT Security Thing Ltd, Davey Winder is a three-time winner of the Information Security Journalist of the Year award (2006/2008/2010) and received the prestigious Enigma Award for his lifetime contribution to information security journalism in 2011.


