The Russian antivirus company Doctor Web warns against malicious software that appeared on Facebook. The Trojan is spread by means of special fanpages and links that, instead of linking to the footage, run malicious scripts.
At present, Facebook has more than a few hundred pages of names like Videos Mega or Mega Videos, which serve users malicious link hidden under the image Adobe Flash Player. Under no circumstances do not use them, because it can lead to nasty and dangerous consequences.
Clicking on such a link results in a script that does not raise suspicion to update the plugin in a non-suspicious way. If the user agrees, a self-extracting Trojan file will be downloaded to his computer.DownLoader8.5385. The Trojan contains a reliable digital signature issued on behalf of Updates LTD, so installation may not activate security alerts on computers that are not protected by an appropriate antivirus program.
This is one of the suspects. There are hundreds of them on Facebook
DownLoader8.5385 Trojan is a typical malicious program that downloads and runs other malicious files on an infected computer. The program downloads plugins for Google Chrome and Mozilla Firefox web browsers. These plugins were designed to send invitations to various Facebook groups and “like” posts on the social networking site. In addition, malicious extensions can contribute to:
Collect information about Facebook users on the “list of friends” of the infected system owner
– “like” social networking sites or external content
– sharing an album with photos on a given site
– join the groups
– send invitations “join the group” to users from the “friends list”
– posting links on the user’s wall
– change the status of the user
– opening the chat window
– Inviting users to activity
– execution of CMD commands
– download the file from a specific location on the Internet and place it in a designated local folder
– Check that the process set out in the directive is up and running
– Send a list of running processes gathered using the remote server tool
– shut down the designated process
– launch any application