February 16, 2011 | Bratislava | Press Releases

ESET Advises on Facebook Worms: Beware of Yimfoca and Fbphotofake

BRATISLAVA - Recently, Facebook users were exposed to a slew of worms, including Win32/Yimfoca.AA and Win32/Fbphotofake. Win32/Yimfoca.AA has even ranked in the ThreatSense.Net Top Ten in many European countries, including Austria, Italy, the Czech Republic and Slovakia, for the last few weeks.

According to Marek Polesensky, Malware Researcher at ESET, the Yimfoca worm uses Facebook chat to attack, while Fbphotofake is a social engineering worm which distributes itself and other malware through spam Facebook messages. Polesensky adds: “Yimfoca serves as a backdoor that can be controlled remotely and can also spread through other IM software like Skype, MSN or Yahoo Messenger.” Additionally, Yimfoca can also  download and run other malicious software posted online - including fake anti-virus software, change security settings or deactivate the Windows firewall. Fbphotofake worm foremostly distributes Facebook spam. Users are advised to be careful and not to open suspicious and unknown attachments, or click on dubious links.


Instant Messaging worm Win32/Yimfoca.AA

Instant Messaging worm Win32/Yimfoca.AA


Facebook worm Win32/Fbphotofake

Facebook worm Win32/Fbphotofake


Related to the recent malware attacks, David Harley, ESET Senior Research Fellow, has pointed out that Facebook messaging is increasingly exploited for Nigerian letter scams. “It is standard Advance Fee Fraud, with a little extra oomph in terms of emotional blackmail,” says Harley. He advises users to “be always sure about the identity of the sender and about the IM or Facebook message content.” Randy Abrams, Director of Technical Education at ESET North America notes that  “a part of the problem is that the Facebook culture is anti-security and that is a very tough obstacle for their security professionals.”

Latest Facebook threats:

  • The Win32/Yimfoca.AA worm has been spreading for the last few months, reaching Top Ten in several European countries according to ThreatSense.Net.
  • Fbphotofake distributes Facebook spam. In case of both worms be careful and do not open suspicious and unknown attachments, or click on dubious links.
  • Nigerian letter scams are being spread via Facebook messages as well.

About ThreatSense.Net®

ThreatSense.Net® is ESET’s in-the-cloud malware collection system utilizing data from users of ESET solutions worldwide.  This continual streaming of information provides ESET Virus Lab specialists with a real-time accurate snapshot of the nature and scope of global infiltrations. Careful analysis of the threats, attack vectors and patterns serves ESET to fine-tune all heuristic and signature updates   ̶ to protect its users against tomorrow’s threats.

About ESET

Founded in 1992, ESET is a global provider of security solutions for the home and business segment. The industry leader in proactive malware detection, ESET NOD32 Antivirus holds the world record for the number of Virus Bulletin "VB100 Awards," never to have missed a single “In-the-Wild” worm or virus since the inception of testing in 1998.

ESET has headquarters in Bratislava, Slovakia, regional centers in San Diego, USA; Buenos Aires, Argentina; Prague, Czech Republic; Singapore and malware research centers in Bratislava; San Diego; Prague; Krakow, Poland; Montreal, Canada and Moscow, Russia. ESET has extensive partner network in more than 180 countries. The company is continuously named by Deloitte’s Technology Fast 500 as one of the fastest-growing technology companies in the region of Europe, Middle East and Africa.