Security researchers have warned that the infamous Zeus malware is once again spreading on Facebook, after attackers used compromised accounts to post spam messages disguised as photos.
Facebook users clicking on the photo message are redirected to a third-party attack site that automatically downloads a Trojan installer which includes the Zeus code.
"By definition, social networking is social. Facebook is built to easily allow people to share pictures, videos and other content, and people trust what they receive from their friends," said Mike Geide, senior security researcher at Zscaler ThreatLabz.
"Malware, such as this recent example, can take advantage of the sharing mechanisms and users' trust of their friends within social networking."
Security firm Sophos monitored a similar attack, although the company said that the malware payload had been removed from the attack site that it had tracked.
Sophos senior technology consultant Graham Cluley noted that the use of compromised accounts is especially effective in spreading such attacks.
"The danger, of course, is that one of your Facebook friends may have had their account compromised," he said in a blog post.
"Maybe they were sloppy with their password security, or gave access to a rogue application and you might be tempted into clicking on a link seemingly posted by them."