
Bitdefender Blog

Could This Be the 'Fawkes Virus'?

by , on 12 November 2011

What suspect number one looks like

In a blog post on MalwareCity yesterday, my colleagues told you about Anonymous' intention to release a “highly sophisticated” piece of malware via Facebook. While scrutinizing the popular social network, Safego, the free Bitdefender tool designed to protect your online social life, encountered something that fits the description provided by the hacking group quite well.

Currently detected by Bitdefender antimalware solutions as Backdoor-Bifrose-AAJX, this piece of malicious code was first spotted in the wild around July 8, the date mentioned in the Anonymous video released yesterday. The same day it appeared on Facebook disguised as a scam offering a “New Facebook Video Chat with Voice Features” (its description, by the way, is in Arabic); an unwary user who follows the link is asked to download an archive named scan_facebook.zip.

Once it compromises a system, Backdoor-Bifrose-AAJX does pretty much what the hacktivists say it does: it injects itself into the Internet Explorer process, gives a remote attacker unhindered access to the compromised system, records keystrokes and kills several processes belonging to known antimalware solutions, if any are installed. However, it lacks the self-replication component Anonymous said it should have. It does, on the other hand, connect to a remote server in Egypt, something the video “forgot” to mention.
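The four behaviours listed above are exactly the kind of thing a behavioural triage rule can correlate on an endpoint. The following script is an added example, not code from the original post or from Bitdefender: it parses constructed key=value endpoint events, maps each to one of the behaviours the post attributes to this backdoor (injection into iexplore.exe, a low-level keyboard hook, termination of antimalware processes, a connection to an external host), attributes activity of the injected Internet Explorer process back to the injector, and flags a process once enough distinct behaviours pile up. The event format, the process name sample.exe, the pids and the IP addresses are all constructed for the example; the antimalware process list is illustrative and should be extended for a real estate.

```python
"""Behavioural triage over constructed endpoint events (added example).

Not Bitdefender's code. Event format, process names, pids and IPs are
constructed; the AV process list is illustrative only.
"""
import ipaddress
import re
from collections import defaultdict

# Illustrative antimalware process names; extend for your environment.
AV_PROCESSES = {"bdagent.exe", "vsserv.exe", "avp.exe", "mcshield.exe", "msmpeng.exe"}

# Ranges we treat as "internal"; anything else counts as a remote host.
_INTERNAL = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]

LINE_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_event(line):
    """Parse one 'key=value key="quoted value"' line into a dict."""
    return {k: v.strip('"') for k, v in LINE_RE.findall(line)}


def is_external(ip):
    """True for a syntactically valid address outside the internal ranges."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return not any(addr in net for net in _INTERNAL)


def classify(ev):
    """Map an event to the backdoor behaviour it evidences, or None."""
    kind = ev.get("event")
    target = ev.get("target", "").lower()
    if kind == "remote_thread" and target == "iexplore.exe":
        return "ie_injection"          # code injected into Internet Explorer
    if kind == "set_hook" and ev.get("hook") == "WH_KEYBOARD_LL":
        return "keylogging"            # global low-level keyboard hook
    if kind == "terminate" and target in AV_PROCESSES:
        return "av_kill"               # antimalware process killed
    if kind == "net_connect" and is_external(ev.get("dst", "")):
        return "remote_c2"             # connection to a remote server
    return None


def triage(lines, threshold=3):
    """Return {actor: sorted behaviours} for actors showing >= threshold behaviours.

    Activity of a process that was injected into is attributed to the injector,
    so the backdoor's C2 traffic sent from inside iexplore.exe counts against it.
    """
    owner = {}               # injected pid -> name of the injecting process
    seen = defaultdict(set)  # actor name -> behaviours observed
    for line in lines:
        ev = parse_event(line)
        actor = owner.get(ev.get("spid"), ev.get("src", "?"))
        behaviour = classify(ev)
        if behaviour is None:
            continue
        seen[actor].add(behaviour)
        if behaviour == "ie_injection":
            owner[ev.get("tpid")] = actor
    return {a: sorted(bs) for a, bs in seen.items() if len(bs) >= threshold}


# Constructed sample events: one infected host, some benign noise.
SAMPLE_EVENTS = [
    "event=process_start src=explorer.exe spid=800 image=sample.exe",
    "event=remote_thread src=sample.exe spid=1200 target=iexplore.exe tpid=1340",
    "event=set_hook src=iexplore.exe spid=1340 hook=WH_KEYBOARD_LL",
    "event=terminate src=sample.exe spid=1200 target=vsserv.exe",
    "event=net_connect src=iexplore.exe spid=1340 dst=203.0.113.17 dport=443",
    "event=net_connect src=chrome.exe spid=2100 dst=198.51.100.9 dport=443",
    "event=terminate src=taskmgr.exe spid=2300 target=notepad.exe",
]

if __name__ == "__main__":
    for actor, behaviours in triage(SAMPLE_EVENTS).items():
        print(f"{actor}: {', '.join(behaviours)}")
```

A lone outbound connection (chrome.exe here) never fires the rule; only the process that both injects into the browser and exhibits the other behaviours crosses the threshold. The threshold is the knob to tune against false positives in a given environment.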

So, could this be the newly born malware superstar called the Fawkes Virus? From our experience in detecting, studying and protecting against social threats, a Facebook worm that is well written and backed by a clever social engineering strategy should spread pretty rapidly. Consequently, it should affect many users lacking protection, whether that protection covers their computers in general or their social networking accounts in particular.

So far, although this threat closely resembles what Anonymous purports to be its ultimate weapon against groups or individuals undermining its interests, it keeps quite a low profile. Is Anonymous trying to hoodwink us? Does such malware actually exist? If it does, did Anonymous actually release it, or is the group just gauging users' reaction to such a threat?

Together with my colleague from the Antimalware team, Razvan Benchea, who helped me with the analysis and whom I thank for his quick response, we'll keep a close eye on this malware breed and let you know as soon as something out of the ordinary shows up. Meanwhile, to make sure your Facebook accounts are safe and secure, we strongly suggest you take a quick look at our Facebook Security Whitepaper and install our free security solution for social networking, Bitdefender Safego.


On Nov.14.2011 17:07

Anon said

Re: Could this be the GFV?
No. No it is not.

On Nov.15.2011 07:20

anon? said

Seriously doubt that this is the program.

This connecting to an Egyptian server + written in Arabic (can someone pin-point what country it is from?) I would guess it's either:
1) the anti-Israel group from Egypt that hacked certain Israeli webpages
2) Egyptian gov groups.
3) Mossad.
