
ZBot malware variant spreading on Facebook - Trend Micro


Facebook users, think twice before clicking on that friend request.

Computer security firm Trend Micro warned of a variant of the ZBOT malware that uses domain-generation techniques to extract data from victims' computers.

"The message bears a link that the user must click to approve the friend request. Clicking the said link, however, will only lead to a page informing the user that they need to install the latest version of Adobe Flash Player in order to proceed. Unsurprisingly, the downloaded file is not the Adobe Flash Player installer, but a malicious file detected as TSPY_ZBOT.FAZ," Trend Micro said in a blog post.

It said TSPY_ZBOT.FAZ, like most ZBOT variants, connects to a certain site to retrieve a configuration file that contains URLs the malware will monitor. The malware will use the URLs specified by the configuration file to steal credentials and related data.

But unlike other ZBOT variants that use a preset URL, TSPY_ZBOT.FAZ randomly generates a URL, depending on the system's current date.

It said that while this is not the first time ZBOT variants have used domain-generation algorithms, using Facebook will potentially fool unsuspecting users.

"This usage of the most popular social networking site, however, will definitely hook more unsuspecting users," it said. — TJD, GMA News
