Updated 12/5/2011 2:54:07 PM ET

A devious worm found spreading through Facebook messages last week has evolved and is now hijacking users' chats in an effort to compromise their systems and infect them with a dangerous piece of banking malware.

First detected Nov. 29, the worm comes disguised as a JPEG of two blonde women that, when clicked on, drops a variant of the Zeus Trojan, enabling attackers to gain access to infected computers and harvest victims' online banking credentials.

Researchers at the security firm Sophos today (Dec. 5) spotted the same offending JPEG showing up in Facebook chats. They identified the malware as "Dorkbot" and said the messages carrying it do come from your actual Facebook contacts. The fact that those contacts are sending the chats, however, means the worm has already found its way onto their computers, Sophos' Graham Cluley explained.

"It wasn't the Facebook friend you are chatting with who sent that message, it was the Dorkbot malware instead," Cluley wrote.

The link in the chat message appears to point to Facebook's legitimate site, but when clicked, it redirects traffic to a third-party site, which kicks off the campaign to drop the same nasty malware onto your system.

To help keep your computer and banking information secure, avoid all suspect-looking and unsolicited attachments, even if they come from your supposed Facebook friends. With more than 750 million active users, Facebook has become a hotspot for cybercrooks, but there are some basic tactics you can employ to make sure your account stays private and safe.

© 2012 SecurityNewsDaily. All rights reserved

