Facebook Message Virus alert! Suspicious Private Message with .zip attachment

Facebook Virus Security alert - Suspicious inbox message from friend(s) or others, with a zip file attached, containing harmful jar file inside.

Facebook Virus Alert! A Facebook message virus (or SPAM) is spreading fast!

Few days ago I received a private message in my Facebook inbox from a friend that looks like this:

are you ******* serious??? Why did you upload this?
Screenshot: are you ****ing serious??? Why did you upload this?
Screenshot of the Suspicious Message

From the first glance it looks like you've accidentally uploaded a questionable image and your friend responded back with the image attached! As you can see, the message also had a zip file attached named IMG_01940.zip. However, since I work with Web Security, my instant reaction was: Ah! another Facebook account is compromised by a spammy virus!

I immediately sent a message back to my friend, saying:

... Either you've sent the message to the wrong person or your Facebook account is under attack from a virus, spam or something similar ...

I was not wrong, my friend responded a few minutes later saying his Facebook account was indeed compromised. I was going to ask more questions to know how it happened, but by then he already deactivated his account.

To investigate further myself, I've downloaded the attached IMG_01940.zip file and as I suspected, it contained an executable .jar file inside, named IMG_01940.jar. On most PC with default setting, it'll just look like IMG_01940, just another image for you to open (since .jar extension is hidden by default). So basically this is how it is spreading! People click the jar file thinking it's an image from his friend & bam! Your PC is compromised, just like that!

So, a quick security suggestion for you:

if you receive such private message from your friend(s) in your Facebook inbox, then inform them immediately and don't open the .zip file unless you are sure, it may compromise your PC and Facebook account as well.

Even though this happened to me in Facebook, this may happen to you in any other Social Network, Google+, LinkedIn, Twitter, ... or even email!

Share your thoughts if you have experienced anything similar. Spread the news and be safe!

Leave a Reply

Your email address will not be published. Required fields are marked *