New scams conducted via Facebook and Twitter have been wreaking havoc on users in the last several days, PandaLabs reported.
The first one, Asprox.N, has been identified as a Trojan sent via email informing users their Facebook account is being used to distribute spam. For that reason, the user’s login credentials have been changed. The email includes a bogus Word document attachment, tricking the user into believing it contains the new password. However, when victims open the attachment, the file containing a Trojan will download another file designed to open all available ports, connecting to mail service providers in an attempt to spam as many users as possible.
The second new malware strain, Lolbot.Q, is spread across instant messaging applications, with a message displaying a malicious link. Clicking the link releases a worm created to hijack Facebook accounts, blocking users’ access while informing the account has been suspended.
To “reactivate” their account, users are asked to complete a questionnaire. After several questions, users are asked to subscribe and submit their cell phone number, which is in turn charges a fee of $11.60 per week. The scam claims the account can be restored only once users subscribe to the service and receive a new password.