Topic: Nemucod downloader spreading via Facebook

Frands
Nemucod downloader spreading via Facebook
« on: November 21, 2016, 09:47:12 PM »
Hi  :)

There are some owls in the moor over at Facebook again. Over the past 24 hours, 100,000s of Facebook users around the world have received a message from a Facebook friend that looks like a photo but contains a virus. Please be aware of what you are clicking on over at your Facebook account, especially if you use the Chrome browser. I'm sorry, but I can't find a full news story about it in English, but I have found these two links about it:

https://bartblaze.blogspot.dk/2016/11/nemucod-downloader-spreading-via.html

https://otx.alienvault.com/pulse/5832067bebd09c28cb5d8848/


My search: http://www.b.dk/nationalt/ny-facebook-virus-kidnapper-data-og-kraever-loesepenge-en-farlig-cocktail
Our greatest glory is not in never falling but in rising every time we fall.
- Confucius
-----
Trend Micro Internet Security


Home Forums:
https://www.landzdown.com/
http://securitygarden.blogspot.dk/
https://www.classicrockforums.com/

zep516
Re: Nemucod downloader spreading via Facebook
« Reply #1 on: November 22, 2016, 12:13:18 AM »
Thanks for the information. I was just working with someone and ran into your post.

Here's what my user said:
Quote
I got a .svg file sent to me from a Facebook "friend". Against my better judgement, I downloaded the file. I did a quick search on the internet and saw it is supposed to be a photo file, so thinking I would be safe I tried to open the file. The file opened up a page in Chrome. The page looked like a YouTube page, but obviously (to me) was not. I immediately closed the Chrome window. I noticed that my Windows Defender protection status was turned off. I then immediately shut down and rebooted my computer. Everything looks fine, but I am just wondering if there is anything else I should do (other than not download unknown files from FB friends).

http://www.geekstogo.com/forum/topic/366054-opened-a-svg-file-and-not-sure-if-i-got-infected/

I better double check Chrome now.
You're only as safe as your last update.

Frands
Re: Nemucod downloader spreading via Facebook
« Reply #2 on: November 22, 2016, 08:20:05 AM »
Quote
I better double check Chrome now.

When you do that, look out for an add-on with the name "UBO" or "ONE" and delete it. The risk is that if you are hit by this virus, it will take over your files, such as photos, Word documents, etc., and you have to pay something like 1.5 bitcoin to get your files back. Make sure you have a backup!

Corrine
Re: Nemucod downloader spreading via Facebook
« Reply #3 on: November 22, 2016, 12:06:05 PM »
Good catch, Frands!  Here's an article at BC about it:  Facebook Spam Campaign Spreading Nemucod Downloader and Locky Ransomware.

I've been seeing quite a few articles about Locky lately disguised as spoofed email attachments.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Frands
Re: Nemucod downloader spreading via Facebook
« Reply #4 on: November 22, 2016, 01:40:51 PM »
Quote
Good catch, Frands!  Here's an article at BC about it

Thank you very much, Corrine, I'm just happy if I can protect someone from useless time and gallons of ice cold coffee at the computer ;). And thanks a lot for posting the link. It was just what I looked for last night but couldn't find.

Digerati
Re: Nemucod downloader spreading via Facebook
« Reply #5 on: November 22, 2016, 02:23:06 PM »
I saw through one of those links a user saying Windows Defender was disabled but there is no indication this malware disabled it. I see nothing about any antimalware solution allowing (or blocking) this threat.

And this is only affecting Chrome users of Facebook? https://threatpost.com/nemucod-infections-spreading-locky-over-facebook/122062/


Bill (AFE7Ret)
Freedom is NOT Free!
2007 - 2018