Welcome to the Proxy Update, your source of news and information on Proxies and their role in network security.

Wednesday, July 27, 2011

Shapeshifter Trojan

CRN is reporting on a new virus, spread through Facebook, that disables the user's anti-virus program and then pretends to be that program. It recognizes anti-malware programs from 16 different vendors, including McAfee, Symantec and BitDefender.

This new virus is spread using old tricks, specifically the "fake codec" method. Hijacked Facebook accounts offer up a video and encourage users to click and watch it. When they try to watch the video, they're told they don't have the right "video codec" to watch it, and that they can install it by clicking a link. Instead of installing the codec (in this case a fake Adobe Flash Player), they get the new virus. Once it is installed, the user helps spread the malware by posting more links to it on their own Facebook account.

In this particular case, the fake video actually has the Facebook user's name embedded in the title to make it seem even more real to any unsuspecting victims.

This latest socially engineered attack is a good reminder of why organizations need to have a secure web gateway or web proxy in place to protect users from malware, and to have policies around social networking sites, possibly even a "read-only" Facebook policy.
