Facebook Spam Campaign Spreading Locky Ransomware And Nemucod Malware Installer

By   ISBuzz Team
Writer , Information Security Buzz | Nov 22, 2016 02:40 am PST

Following the news that there have been reports of a new Facebook scam detected by security researchers over the weekend, Fraser Kyne, EMEA CTO Bromium commented below.

The campaign works by hijacking users’ Facebook accounts and then sending all their contacts an image file over Messenger, so can very easily snowball if even just a handful of victims fall into the trap. Even more worryingly, the security researchers said they have seen it being used to spread Nemucod malware installer and Locky ransomware to victims.

Fraser Kyne, EMEA CTO at Bromium:

fraser-kyne“This looks like a relatively unsophisticated phishing campaign; the hackers have made no visible attempt to target their victims. Those people not only have to click on the bad link, but then have to fall for a pretty suspicious looking webpage and agree to download the extension. You’d  be forgiven for writing it off as a low risk, but the real threat comes from the use of Facebook as a vehicle. People are far more likely to click on a link or download something if it looks like it came from a friend.

“Verizon’s DBIR 2016 showed that nearly a third (30%) of phishing emails get opened; and 12% of users go on to click on the attachment or link, so it’s a lot more common than you might expect in a relatively cyber-aware culture. As with most attacks of this ilk, the bad guys just need a handful of their victims to fall for their ploy in order to be successful, and the self-propagating nature of this particular scam will help to ensure it continues to gather momentum even if most people smell a rat from a mile away.

“Given that so many users check their Facebook at work, there’s a big risk of this attack bleeding through into the enterprise. The best thing for businesses to do to minimise their risk is to ensure employees are aware of this scam. However, experience shows that there will always be one who ‘didn’t get the memo’ and clicks the link regardless. As such, they should also put a safety net in place to ensure users can’t compromise security. The best approach is to use micro-virtualisation techniques to run internet browsing sessions in a completely isolated environment, so even if a victim does fall for the scam, the malware is fully contained and can be eliminated simply by closing down the webpage.”