A graduate seminar: current topics in computer security

Facebook chat malware

Some 2-3 weeks back, when I was on Facebook, I suddenly got a pop-up message from an unknown person containing a link to some random video. At the time I didn't pay any attention to it and continued with my work, but today when I was reading this blog I came to know that it was actually a malware attack.

The working of this malware can be understood from this flowchart, in which a random chat window opens in the Facebook login with a video link. As usual, the user tends to click the link in order to watch the video, but what really happens is that malware gets downloaded (a drive-by download attack) and infects the machine. After this, a series of events follows: it makes a hole in the system's firewall policy by using the netsh command or by modifying the registry. At this point it even disables Windows updates and anti-malware scanners, leaving the system at the mercy of the attacker. It then drops its path into the startup location so that it starts automatically the next time the system reboots. The malware changes the home page of all the native browsers such as Internet Explorer, Firefox and Chrome. The following image shows the command the malware received from the attacker:


Through this command file the attacker tries to check all of the victim's chat windows and spread the same type of attack, duplicating it across other chat windows as well; for example, in the case of Skype the attacker uses PostMessageA to post the comment.

The spread of the worm can be stopped very easily by just killing all of its running instances and cleaning up the registry. But the thing to keep in mind while using social networks is to avoid clicking links from unsolicited people, as it may be an attack on the privacy of your data; this type of attack can only be stopped by awareness of such attacks.
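The behaviours described above (a netsh firewall exception, a startup entry, disabled Windows updates, a changed browser home page) are exactly what an endpoint's process-creation telemetry records. The following is an added example, not code from the post or the malware, that matches such command lines against those behaviours; the sample command lines are constructed, and the file paths and rule names are assumptions.

```python
import re
from typing import Dict, List

# Constructed sample of process command lines, as a Sysmon or EDR feed would
# record them. None of these were captured from the real malware.
SAMPLE_CMDLINES = [
    r'netsh firewall add allowedprogram C:\Users\bob\AppData\Roaming\upd.exe "upd" ENABLE',
    r'netsh advfirewall firewall add rule name="upd" dir=in action=allow program="C:\Users\bob\AppData\Roaming\upd.exe"',
    r'reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v upd /t REG_SZ /d C:\Users\bob\AppData\Roaming\upd.exe /f',
    r'sc config wuauserv start= disabled',
    r'reg add "HKCU\Software\Microsoft\Internet Explorer\Main" /v "Start Page" /t REG_SZ /d http://example.invalid /f',
    r'C:\Program Files\Mozilla Firefox\firefox.exe -url https://www.facebook.com',
    r'notepad.exe C:\Users\bob\notes.txt',
]

# One rule per behaviour the post describes. Paths and service names are the
# standard Windows ones (Run key, IE Start Page, wuauserv = Windows Update).
RULES: Dict[str, "re.Pattern[str]"] = {
    "firewall_exception": re.compile(
        r"\bnetsh\b.*\b(add allowedprogram|add rule|opmode mode=disable|set allprofiles state off)\b", re.I),
    "run_key_persistence": re.compile(
        r"\breg(\.exe)?\s+add\b.*\\CurrentVersion\\Run(Once)?\b", re.I),
    "windows_update_disabled": re.compile(
        r"\bsc(\.exe)?\s+config\s+wuauserv\b.*\bstart=\s*disabled\b", re.I),
    "browser_homepage_tamper": re.compile(
        r"\breg(\.exe)?\s+add\b.*\\Internet Explorer\\Main\b.*\bStart Page\b", re.I),
}


def classify(cmdline: str) -> List[str]:
    """Return the names of every rule the command line matches (empty if benign)."""
    return [name for name, pat in RULES.items() if pat.search(cmdline)]


def scan(cmdlines: List[str]) -> Dict[str, List[str]]:
    """Group matching command lines by rule name; lines matching no rule are dropped."""
    hits: Dict[str, List[str]] = {}
    for line in cmdlines:
        for name in classify(line):
            hits.setdefault(name, []).append(line)
    return hits


def looks_like_chain(hits: Dict[str, List[str]]) -> bool:
    """The post's sequence: persistence plus a firewall or update change on one
    host is far more telling than any single event, so alert on the combination."""
    return "run_key_persistence" in hits and (
        "firewall_exception" in hits or "windows_update_disabled" in hits)


if __name__ == "__main__":
    for rule, lines in scan(SAMPLE_CMDLINES).items():
        print(rule, "->", len(lines), "event(s)")
    print("chain detected:", looks_like_chain(scan(SAMPLE_CMDLINES)))
```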
