Another malware spreading via Facebook Chat

Is there another worm or malware spreading through Facebook? For the last two days, I’ve been receiving chat messages from my online friends about an app that allegedly gauges how ‘addicted’ someone is. Addicted to who or what, it’s any body’s guess for now, but the message includes a shortened URL using the service. Check out the screenshot on the right. There’s another version of this suspicious message that says:

WTF: G1RL made suicide after her DAD posted THIS mess@ge on her wa11::[shortened URL here]

Worm spreading through Facebook ChatCurious but cautious, I looked for a way to reveal the long URL hidden behind the shortened URL included in the message.

After some Googling around, I found which basically allows anyone to expand the shortened URLs they have to see what the actual long link is without actually navigating to that link.

That shortened URL was revealed to be pointing to a page on the domain spursoland dot info. I checked again using the same service, but this time it revealed a different domain, aclebite dot info. So it means that what or whoever generates the shortened URLs draws its source from a list of domains that are redirected to a suspicious-looking Facebook app which I would get to later on.

Again, curious as to what could be in that site, I used AVG’s Online Web Page Scanner to check if the site contained any malicious code or malware as is common with this suspicious messages and websites.

AVG said that the site spursoland dot info was ‘safe and clean’ I took the great risk of visiting the URl in Chrome’s Incognito mode to try to see where it will lead. It redirected me to a Facebook app called ‘spursoland’ or ‘aclebite’ which is clearly looks like something not to be trusted.

Suspicious FB App
Be careful with this app page. It means trouble.

Clearly, the messages was designed to lure or trick Facebook users into visiting the suspicious app and liking it. From then on I don’t know what will happen next, but probably, the Facebook app will lead users to a website containing more malware that will either infect their PC or attempt to steal some private information like contact’s email addresses, credit card information etc.

The important thing to remember here is, DO NOT CLICK on the links your friends share with you via chat the instant you receive them. Take time to pause and read carefully the whole message. You would immediately sense if something is odd with the message, especially if it seems to be out of the ordinary that your friend would suddenly message you with this particular topic which you know isn’t really one of his or her interests.

The best way to deal with this kind of chat messages is to send a private message to your friend and tell them you ‘received‘ that message from them. If it was automatically sent without their knowledge, then they’d also be surprised to know that the message was sent from their account. It would also be solid proof that their PC has been compromised by malware. So doing an anti-virus scan is needed to fix it. It’s also a good move to change the current password on their social networking account, in this case their Facebook account to help avoid a repeat of this problem.

If you would be curious as to see where the suspicious shortened URLs lead to, you can use online tools, like the ones I’ve mentioned above, to check it out first before opening the link on your browser. But still, it’s best that you do not open the links at all. Hackers and spammers nowadays are targeting social networking sites like Facebook more and more because of their ever growing size and popularity.

2 Replies to “Another malware spreading via Facebook Chat”

  1. Had the same observation. Most of my friends could have been infected of have clicked on the url since i get chat messages from my friends with that described format… Do you know what particular antivirus detects and removes this malware?
    I agree that changing the password for their facebook account will also help…
    I was able to browse a page on facebook about “Facebook Security” that identifies this as a malware too…
    Pretty informative post…

Leave a Reply