Nemucod downloader spreading via Facebook

Started by Frands, November 21, 2016, 11:47:12 PM

Frands

Hi  :)

There are some owls in the moor over at Facebook again. Over the past 24 hours, 100.000s of Facebook users around the world have got a message from a Facebook friend that looks like a photo but contains a virus. Please be aware of what you are clicking on over at your Facebook account, especially if you make use of the Chrome browser. I'm sorry, but I can't find a full news story about it in English, but I have found these two links about it:

https://bartblaze.blogspot.dk/2016/11/nemucod-downloader-spreading-via.html

https://otx.alienvault.com/pulse/5832067bebd09c28cb5d8848/


My search: http://www.b.dk/nationalt/ny-facebook-virus-kidnapper-data-og-kraever-loesepenge-en-farlig-cocktail
Our greatest glory is not in never falling but in rising every time we fall.
- Confucius
-----
Trend Micro Internet Security


Home Forums:
https://www.landzdown.com/
http://securitygarden.blogspot.dk/
https://www.classicrockforums.com/

zep516

Thanks for the information, I was just working with someone and ran into your post

Here's what my user said,
Quote: I got a .svg file sent to me from a Facebook "friend".  Against my better judgement, I downloaded the file.  I did a quick search on the internet and saw it is supposed to be a photo file, so thinking I would be safe I tried to open the file.  The file opened up a page in Chrome.  The page looked like a YouTube page, but obviously (to me) was not.  I immediately closed the Chrome window.  I noticed that my Windows Defender protection status was turned off.  I then immediately shut down and rebooted my computer.  Everything looks fine, but I am just wondering if there is anything else I should do (other than not download unknown files from FB friends).

http://www.geekstogo.com/forum/topic/366054-opened-a-svg-file-and-not-sure-if-i-got-infected/

I better double check Chrome now.
You're only as safe as your last update.

Frands

Quote: I better double check Chrome now.

When you do that, look out for an add-on with the name "UBO" or "ONE" and delete it. The risk is that if you are hit by this virus, it will take over your files such as photos, Word documents, etc., and you have to pay something like 1.5 bitcoin to get your files back. Make sure you have a backup!

Corrine

Good catch, Frands!  Here's an article at BC about it:  Facebook Spam Campaign Spreading Nemucod Downloader and Locky Ransomware.

I've been seeing quite a few articles about Locky lately disguised as spoofed email attachments.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Frands

Quote: Good catch, Frands!  Here's an article at BC about it

Thank you very much, Corrine, I'm just happy if I can protect someone from useless time and gallons of ice cold coffee at the computer ;). And thanks a lot for posting the link. It was just what I looked out for last night but couldn't find.

Digerati

I saw through one of those links a user saying Windows Defender was disabled but there is no indication this malware disabled it. I see nothing about any antimalware solution allowing (or blocking) this threat.

And this is only affecting Chrome users of Facebook? https://threatpost.com/nemucod-infections-spreading-locky-over-facebook/122062/


Bill (AFE7Ret)
Freedom is NOT Free!
2007 - 2018