The latest Facebook Trojan infection works by showing you a fake "Shocking Video" of yourself and luring you into clicking on it, which infects you in a painless way. At a high level, it injects a Trojan into your computer that acts as your antivirus without you knowing it. That sounds easy to prevent from a high-level point of view, but if you look in detail at how the attacker tricks you step by step, starting from the Facebook video, you will be amazed. This Trojan, called FakeAV.LVT, is a whole new generation of Trojan infection.
Facebook Trojan – How It Works?
Phase 1 – Show Video
At first, you will receive a message and see something like “Check out Your Shocking Video”, which has your name attached to it. The name is usually spelled correctly, as it is obtained directly from Facebook. The chances of you clicking the play button are still not high, until …
Phase 2 – Make Use of Your Friends
Plenty of your Facebook friends have commented on that video. You have no choice, because you are extremely curious why so many of your friends criticized that video. You really want to see how badly you suck in that video, and hence you click the PLAY button.
Phase 3 – Begin Trojan Download
When you click the PLAY button, the screen says you need to update your Adobe Flash Player. You lose sight of the rule that you should not simply update your software without going to the official site. You are really anxious to see how badly you suck in that Facebook video. Once you click on ‘Download latest Adobe Flash Player Now’, you are doomed.
Phase 4 – A New Commander In Charge
While you still think you are downloading Adobe Flash Player from the Facebook video, you are actually welcoming a new Trojan into your computer. This Facebook Trojan disguises itself as Flash Player and gets into your registry to change certain values, making itself an authorized application as far as your antivirus is concerned. To further ensure its effectiveness, it also disables all your antivirus notifications.
Phase 5 – Assassination of Your Bodyguards
This Facebook Trojan is a new level of fake antivirus Trojan simply because it does not work the traditional way. The old way, it would tell you that you had an infection and ask you to purchase a fake antivirus to clean it. The modern way, it impersonates your current antivirus and tells you that you have an infection. Isn’t this cool? It further says that you need to restart in order to clean it up, and therefore you restart. But wait: while you are restarting, it has actually queued your current antivirus and all your security software for uninstallation. So the next restart goes into safe mode, where all your so-called bodyguards are assassinated. It’s a trap, but you won’t know anything about it.
Phase 6 – The New King Has Taken Over
After the safe mode reboot, your antivirus will be completely taken over by the Facebook Trojan. The Trojan will then frequently download a list of IP addresses from a site; these are the addresses of the computers infected by this Trojan. These infected computers exchange malicious code from time to time and keep in contact as well. Now hackers are talking about teamwork as well.
Facebook Trojan – What’s Next?
Phase 7 – RIP
Phase 7 is where your OS is going to Rest in Peace. If you don’t want this to happen, be sure you know what you are doing in your Facebook account. Do not update anything from an unknown site, especially Adobe Flash. Try to get the latest update from Adobe itself.