Now: A virus from blogspot.gr comes with a Facebook message

A new virus is currently circulating at Facebook. It is hidden behind an address of hidemyass.com (an IP and domain hiding service) and leads to a website of blogspot.gr. The virus can not be said to come from a Greek blog as blogspot changes the ending of domains depending on the geographical location of the visitor. But with a better look, things change.

Facebook

Below you can see the message that is trafficked through Facebook. (Our image sent her a friend from us safer-internet.gr)

Facebook Facebook Facebook

If someone clicks on the “ Youtube ” που έρχεται με το μήνυμα του Facebook, οδηγείται στην παρακάτω διεύθυνση.

HidemyassThe page that opens represents Youtube but the video (classic) will not play unless you install “ player. ”

In the blog screenshot below you can see the Greek name used by the malicious user: Note the URL of the page. The title of the publication is brazil sugar (This page is displayed with Firefox)

facebook virus

If you use Firefox you need to download the file (video) that is actually a Windows executable (.exe) file.

If someone uses Chrome and opens the hidemyass URL, the executable file will be downloaded on its own.

See the page displayed in Chrome

facebook virus chrome

The malicious file is downloaded with a different name each time, since the numbers it contains change each time. So the "Private_Video_23429.mp4.exe" next time it downloads changes to "Private_Video_xxxxx.mp4.exe."

virusWhat is happening with the virus now:

We uploaded the malicious file to jotti.org, The virustotal and VirSCAN. You can see the results and which antivirus they recognize.

Read more about the virus and the files it injects into the infected system below:

File identification
MD5 4b9f703bd68443b1705c46f5d1da0b67
SHA1 2586960f6c650a30868a057ad5e7f366b0d7809f
SHA256 550ec29ac59fa79ab4fd51454c07f17bc8f03d46f8ff888497d13998c7dbd6d0
ssdeep
24576: ImOMSPEKigS2 + MeBiNOOSgfaVZTAfejiDvln: mPmg9DUgfuAtD9n
imphash d32519c93924bb24d9874d86c5993ee3
File size 837.5 KB (857595 bytes)
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TRIDEMWin32 Executable MS Visual C ++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win / DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags
peexe
VirusTotal metadata
First submission 2014-07-27 14: 15: 49 UTC (4 hours, 41 minutes ago)
Last submission 2014-07-27 15: 17: 33 UTC (3 hours, 39 minutes ago)
File namesfile-7270420_exe
Private_Video_23429.mp4.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Detection ratio:3 / 52
Compilation timestamp 2014-06-06 11:29:14
Link data 12:29 PM 6/6/2014
Entry Point 0x0001D41B
Number of sections 4
PE sections
PE imports
RegCreateKeyExW
RegCloseKey
OpenProcessToken
RegSetValueExW
RegOpenKeyExW
SetFileSecurityW
AdjustTokenPrivileges
LookupPrivilegeValueW
RegQueryValueExW
InitCommonControlsEx
GetSaveFileNameW
GetOpenFileNameW
CommDlgExtendedError
GetDeviceCaps
CreateDIBSection
DeleteObject
GetObjectW
GetStdHandle
GetConsoleOutputCP
FileTimeToSystemTime
WaitForSingleObject
GetFileAttributesW
SystemTimeToTzSpecificLocalTime
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
OpenFileMappingW
GetConsoleMode
GetLocaleInfoA
FreeEnvironmentStringsW
GetLocaleInfoW
SetStdHandle
GetCPInfo
GetStringTypeA
GetTempPathW
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetOEMCP
GetExitCodeProcess
InitializeCriticalSection
FindClose
InterlockedDecrement
MoveFileW
SetFileAttributesW
SetLastError
GetSystemTime
DeviceIoControl
GetModuleFileNameW
IsDebuggerPresent
ExitProcess
GetModuleFileNameA
SetThreadPriority
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
SetFilePointer
GetFullPathNameW
CreateThread
SetEnvironmentVariableW
MoveFileExW
SetUnhandledExceptionFilter
TzSpecificLocalTimeToSystemTime
TerminateProcess
CreateSemaphoreW
WriteConsoleA
SetCurrentDirectoryW
GlobalAlloc
SetEndOfFile
GetCurrentThreadId
InterlockedIncrement
GetNumberFormatW
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
FreeLibrary
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetStartupInfoA
GetDateFormatW
SetEvent
DeleteFileW
GetProcAddress
CreateFileMappingW
GetTimeFormatW
WriteFile
RemoveDirectoryW
ExpandEnvironmentStringsW
FindNextFileW
CreateDirectoryW
ResetEvent
FindFirstFileW
GetProcessAffinityMask
CreateEventW
CreateFileW
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
LeaveCriticalSection
GetLastError
SystemTimeToFileTime
LCMapStringW
GetShortPathNameW
HeapCreate
GetConsoleCP
LCMapStringA
CompareStringW
GetEnvironmentStringsW
IsDBCSLeadByte
FileTimeToLocalFileTime
GetEnvironmentStrings
GetCurrentDirectoryW
GetCurrentProcessId
SetFileTime
GetCommandLineW
WideCharToMultiByte
HeapSize
GetCommandLineA
RaiseException
ReleaseSemaphore
MapViewOfFile
TlsFree
GetModuleHandleA
ReadFile
CloseHandle
GetACP
GetModuleHandleW
GetLongPathNameW
IsValidCodePage
UnmapViewOfFile
FindResourceW
VirtualFree
Better sleep
VirtualAlloc
CreateHardLinkW
VariantInit
SHBrowseForFolderW
SHChangeNotify
SHFileOperationW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
ShellExecuteExW
SHGetFileInfoW
SHGetMalloc
SHAutoComplete
MapWindowPoints
SetFocus
GetParent
UpdateWindow
EndDialog
LoadBitmapW
SetWindowTextW
DefWindowProcW
GetWindowTextW
GetMessageW
ShowWindow
SetWindowPos
wvsprintfW
GetSystemMetrics
SetWindowLongW
IsWindow
SendMessageW
GetWindowRect
RegisterClassExW
DialogBoxParamW
SendDlgItemMessageW
GetDlgItemTextW
PostMessageW
MessageBoxW
SetDlgItemTextW
GetDC
GetWindowLongW
ReleaseDC
DestroyIcon
TranslateMessage
IsWindowVisible
LoadStringW
GetClientRect
GetDlgItem
GetWindow
OemToCharBuffA
DispatchMessageW
PeekMessageW
GetSysColor
GetClassNameW
CopyRect
WaitForInputIdle
LoadCursorW
LoadIconW
FindWindowExW
CreateWindowExW
EnableWindow
SetForegroundWindow
DestroyWindow
CreateStreamOnHGlobal
CoCreateInstance
CLSIDFromString
OleInitialize
OleUninitialize

iGuRu.gr The Best Technology Site in Greeceggns

Get the best viral stories straight into your inbox!















Written by giorgos

George still wonders what he's doing here ...

Leave a reply

Your email address is not published. Required fields are mentioned with *

Your message will not be published if:
1. Contains insulting, defamatory, racist, offensive or inappropriate comments.
2. Causes harm to minors.
3. It interferes with the privacy and individual and social rights of other users.
4. Advertises products or services or websites.
5. Contains personal information (address, phone, etc.).