Avast File Shields Caught "CC Dropper Trojan" on Facebook

[Daris]

Hey all...I Just checked Facebook notifications, and clicked on a buddy's notification ...said that " Is That You in the Funny videos Daris?" I clicked on it and it said to view this video I need 10.1 version of Adobe Flash Player...well I was not thinking and should have known that I already had Adobe 10.1...well I clicked on it anyways and Avast shield came up...Knocked me off Facebook and stopped to CC Dropper Trojan...So after about  a few minutes I restarted and when I tried to open Firefox again the Files Shield stopped another JPG. Image of CC Dropper..Anyways I did a few Scans with Avast and Malwarebytes and all is good nothing further was found....Sure Glad Avast intercepted that... It said " Avast has Blocked and Deleted CC Dropper trojan and no furher action is required..Well folks that same Notification on my Facebook from that friend of mine was also sent to my Email...I found it right away and Deleted that Email with no problems....Just goes to show how safe your Facebook really is....

[DavidR]

Facebook and any number of social networking sites are a huge target for malware and I'm not surprised that avast alerts as there are adverts/banners, etc. that are in all facebook user areas and they can be used to redirect to malicious sites or run exploits.

Curiosity killed the cat and could well do the same to your system, the buddy system on facebook is a joke as you are unlikely to know them all (not to mention your buddies account could have been hacked/compromised) and this is a common tactic to get you to click on a link.

[polonus]

Hi malware fighters,

More general info on the facebook malware spread:


The subject of smileycentral.com / cursormania.com has been covered several times,
but as this group's adware is malicious and currently prevalent (Facebook is a major source!!!)
here follows a list of the related sites discovered so far - some are quite new.

artisticsmiley.com
artistssmiley.com
blastdirect.com  * for example infected: BlastDirect.com-iWon:63.236.75.0 - 63.236.75.255
boardsmiley.com
boardsmileys.com
centersmiley.com
chat-smiley.com
chatsmileys.com
chat-smileys.com
classicsmiley.com
comicsmileys.com
creativesmiley.com
csmailserv.com
cursormania.com
directsmiley.com
dotspot.com
easysmiley.com
email-smileys.com
excite.com
focusinteractiveinc.com
funbuddyicons.com
funwebproducts.com
getzwinky.com
greatsmiley.com
happiest-faces.com
historyswatter.com
i1img.com
imgfarm.com
iwon.com
kiddonet.com
maxserving.com
mindspark.com
mindsparkadvertising.com
myecardsonline.com
mymailsignature.com
mysearch.com
myway.com
mywebsearch.com
popswat.com
popswatter.com
popularscreensaver.com
sendthesecards.com
smiley-4you.com
smileyarcade.com
smileybuzz.com
smileycentral.com
smileycentral.jp
smileyforyou.com
smileyhit.com
smileylink.com
smileys4you.com
smileys-central.com
smileys-market.com
smileys-world.com
webfetti.com
www64.mindspark.com
zwinky.com
iaccap.com
name1.iaccap.com
ns1.iaccap.com
tn-14.iaccap.com
66.235.119.14
66.235.126.14
66.235.126.45
66.235.126.46

More sites to be added.
If anyone is infected with this crapware, the best tool for removing it is Malwarebytes Anti-Malware - download from: http://www.malwarebytes.org/mbam-download.php

polonus

[YoKenny]

All of those smileycentral.com / cursormania.com sites are blocked by my HOSTS file.

@ Daris

Go to PROFILE then Modify Profile then Forum Profile Information then Signature: and put information about your system just like my signature about your system just like my signature so that the helpers can offer pertinent advice.

In Account Related Settings select Hide email address from public to prevent scammers and spammers harvesting your hotmail.com email address.

[polonus]

Hi YoKenny,

While seeing your comments when I come to list these suspect/malcode/malvertiser sites, I  more and more reach the conclusion that I should deeply respect your HOSTS file, it is a formidable "old school" weapon in the battle against malware....since I first found in-depth info about the use of hosts files via "Richard-the-Lionhearted", a stout hostfile expert,


polonus

[YoKenny]

Is not my HOSTS file but from hpHosts and MVPS HOSTS files updated by HostsMan not "Richard-the-Lionhearted"

By the way both HOSTS files had a big update yesterday.

[polonus]

Hi YoKenny,

RichardtheLionhearted had a site on the subject, see this report: htxp://jsunpack.jeek.org/dec/go?report=141ff9d6ef0a9d0df7a639ce53f18da497954fef
, but it became hacked by dsnextgen malcode
http://safeweb.norton.com/report/show?url=www.dsnextgen.com&x=11&y=4

polonus