MyCERT had received a couple of  reports of on a  new variant of Facebook malware spreading in the wild. It propagates through an FB application. The malware also is targetting users with messages on Facebook, which then link through to a fake Facebook photo page.

The site is designed to appear that the user is still browsing from within facebook. It was also made to appear that the picture was moved and needed to click the ‘View Photo’ button to see it. Clicking the button will download the malicious file.

The file is currently detected by 0 out of 37 antivirus products

* Refer to: http://virscan.org/report/d67fdc5b7dcfa … 0b1fe.html (Result as of 7 January 2011).

If infected, the computer will connect to the command and control server using the IRC protocol and wait for further instructions. Additionally,  sending similar messages to all your friends on the Facebook network.

Command & Control (C&C) Server connection:
Remote Host:Port Number
– 75.y.a.xx:1234
– 66.b.d.xx:1234