Sebuah virus komputer yang memanfaatkan popularitas Facebook menyebar via email. Untuk mengindarinya, simak ciri-ciri email pembawa virus tersebut dalam lanjutan analisa Vaksincom soal virus Facebook berikut ini: 

Untuk menyebarkan dirinya virus Facebook akan mengirimkan email ke semua alamat email yang telah diperolehnya dengan melampirkan sebuah attachment dalam bentuk ZIP. Bagi Anda yang mempunyai account Facebook harap berhati-hati jika menerima email yang seolah-olah berasal dari Admin Facebook karena kemungkinan email itu berisi virus.

Email yang akan dikirimkan akan mempunyai ciri-ciri sebagai berikut:

From            : The Facebook Team"
Subject        : Facebook Password Reset Confirmation.
Attachment : Facebook_Password_xxx.zip (Facebook_Password_xxx.exe)
Message      :

Hey [nama penerima email],

Because of the measures taken to provide safety to our clients, your password has been changed.

You can find your new password in attached document.

Thanks,
The Facebook Team

Catatan: xxx adalah karakter acak

Jika kita telurusi dengan menggunakan bantuan sebuah tools monitoring jaringan seperti etherial atau wireshark maka dapat dilihat dengan jelas bahwa komputer yang telah terinfeksi virus berusaha untuk mengirimkan email ke sejumlah alamat yang telah ditemukan dengan menyertakan sebuah file attachment yang berisi virus.

Selain mengirimkan email yang seolah-olah datang dari Admin Facebook, ia juga akan menjadikan komputer yang terinfeksi sebagai server spam dengan mengirimkan email ke sejumlah alamat email yang didapat.

Mengundang Antispyware palsu “Security Tools”

Aksi lain yang akan dilakukan oleh virus Facebook adalah akan mendownload dan menginstal sebuah program antispyware palsu dengan nama “Security Tools”. Antispyware palsu ini akan memberikan informasi palsu dengan menampilkan sederetan nama virus/trojan yang berhasil di deteksi, informasi palsu ini biasanya akan ditampilkan secara terus-menerus pada waktu yang telah ditentukan.

Jika user mencoba untuk melakukan aksi pembersihan dengan menggunakan software palsu tersebut maka ia akan menampilkan layar agar user melakukan pembelian software tersebut, jika muncul hal ini sebaiknya Anda abaikan saja karena anda tidak akan mendapatkan software antispyware tersebut.

Antispyware ini akan secara membuat beberapa file berikut agar dirinya tetap aktif:

• C:\Documents and Settings\All Users\Application Data\47543326
• C:\Documents and Settings\Elvina\Desktop\security tools.lnk
• C:\Windows\temp\_ex-08.exe
• C:\Documents and Settings\Elvina\Start Menu\Programs\security tools.lnk

Sebagai pendukung agar dirinya tetap aktif, ia akan membuat beberapa string pada registry berikut:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
47543326= C:\DOCUME~1\ALLUSE~1\APPLIC~1\47543326\47543326.exe
PromoReg = C:\WINDOWS\Temp\_ex-08.exe

HKEY_LOCAL_MACHINE\SOFTWARE\47543326

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network
UID = %user%_00127065

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion
Rlist

Aksi yang dilakukan oleh antispyware “Security Tools”

• Menampilkan pesan notifikasi bahwa komputer telah terinfeksi virus/spyware
• Menampilkan konfirmasi update database Antispyware Security Tools
• Restart komputer pada waktu yang teah ditetukan dengan menampilkan layar “Blue Sreen” seolah-olah terjadi error pada system/hardware komputer yang telah terinfeksi.
• Mengganti walpaper/desktop Windows (sumber Vaksin.com)
  

Comments

Add New Search

dfian  - re-confirm     |202.91.9.xxx |2009-11-07 16:21:34 thx sob.. link nya dah ku ganti jdi wongapik.com salam jabat Reply | Quote 0   0

beditr  - thanks     |125.163.185.xxx |2009-11-09 17:29:18 Terima kasih infonya.. artikelnya bagus... Reply | Quote 0   0

netmild  - Tips Trik | Informasi | Hacking | Download softwar     |114.56.154.xxx |2009-11-09 17:34:36 info menarik gan..baru tau ni Reply | Quote 0   0

Ryu     |118.96.78.xxx |2009-11-10 19:35:29 Sekedar tambahan, virus ini ga akan bisa dihilangin sebelum si "security tools" ini dihapus, caranya : jangan menghapus dari program file, karena ga bisa dihapus dan di add/remove program juga ga ke detect, jadi hapusnya dengan masuk ke msconfig dan hapus di bagian startup. setelah di hapus jangan langsung di restart, tapi di scan dulu. setelah selesai, baru PC di restart (optional). saya sudah coba di 3 PC dengan 2 Antivirus yang berbeda yang 2 Symantec dan yang satu lagi Avast. dan hasilnya semua sukses menghapus virus ini. Reply | Quote 0   0

pundi uang  - cari uang     |125.161.187.xxx |2009-11-12 04:14:29 Trim's bgt, info yg sangat berharga, apalagi cara pengobatannya. Moga makin APIK brur. Reply | Quote 0   0

Jakarta Spa  - Informasi yang keren banget. Dua jempol utk sobat     |117.102.86.xxx |2009-11-13 01:13:41 Keren sobat! demikian komen yang dapat kuberikan kepadamu untuk informasi yang sangat berharga ini. Kita memang harus mengenali ciri2 virus atau gangguan lainnya supaya kita bisa lancar berkomunikasi secara terus-menerus tanpa gangguan. Reply | Quote 0   0

dinoe     |174.132.56.xxx |2009-11-13 18:30:11 Nice info kang...sangat bermanfaat Reply | Quote 0   0

ari     |125.161.63.xxx |2009-11-14 14:54:00 Waduhhhh... Baru mainan facebook udah ada pengacaunya. Reply | Quote 0   0

Jakarta Spa  - Tips jitu yang bagus untuk FB-an     |114.123.23.xxx |2009-11-15 00:51:25 Salut untuk Wong Apik yang telah berbagi tips sempurna dalam berinteraksi sosial di facebook. Reply | Quote 0   0

RIP666     |114.59.106.xxx |2009-11-18 08:01:51 wahhh bahaya jg ya klo kena...hehehe nice info bro Reply | Quote 0   0

Kang Musa  - 6 Cara Menjadi Kaya dari Blog     |125.164.209.xxx |2009-11-18 23:01:09 Assalamualaikum, blog Anda memang inspiratif, mengilhami saya untuk menulis "6 Cara Menjadi Kaya dari Blog". Saya tunggu komentar Anda di posting tsb. http://www.kang-musa.co.cc/2009/11/6-cara-me njadi-kaya-dari-blog.html Reply | Quote 0   0

moenas  - blog mantabbb     |202.169.53.xxx |2009-11-19 00:05:27 ihhhh ngeri akh,,, Reply | Quote 0   0

tovarossi  - tovazone     |125.164.106.xxx |2009-11-19 15:47:45 virus bisa datang dari mana-mana bukan hanya facebook, komputer qta pun bisa kena imbasnya. nice info bro, keep spirit Reply | Quote 0   0

imam meqels     |118.98.169.xxx |2009-11-19 17:47:02 weih nyebelin juga yah neh email,kalau begitu dari saat ini kita semua harus tetep waspada dan hati-hati bila dapet satu email.salam www.wantduit.blogspot.com Reply | Quote 0   0

imam meqels     |118.98.169.xxx |2009-11-19 17:47:54 SALAM HANGAT SELALU BUAT MAS APIK,LAMA TAK JUMPA NEH,SALAM WANTDUIT.BLOGSPOT.COM Reply | Quote 0   0

munir ardi  - Berpikir Positif     |125.162.239.xxx |2009-11-19 17:51:58 tambahan ilmu yang sangat bermanfaat mas Reply | Quote 0   0

Mengembalikan Jati Diri Bangsa     |125.163.230.xxx |2009-11-19 20:59:01 iya ni sekarang banyak virus, thank's. |Mbah Gendeng|Mengembalikan Jati Diri Bangsa| Reply | Quote 0   0

agus  - Good     |117.103.170.xxx |2009-11-20 05:12:18 Wah, bisa jaga2 nih dari sekarang cz q lum prnah dapet mail begituan. ternyata isinya virus ya ?! thanks infonya Reply | Quote 0   0

Animation, money n more  - Animation, money n more     |118.96.217.xxx |2009-11-20 16:19:16 thanks brow bwt infonya Reply | Quote 0   0

music Maniac     |203.82.79.xxx |2009-11-20 18:16:26 Reply | Quote 0   0

Nita     |125.161.179.xxx |2009-11-20 18:40:59 wah baru tau FB ngasih virus juga.. thx infonya yaa.. biar lain kali lebih waspada menerima email nya.. Reply | Quote 0   0

duitgratis     |125.164.85.xxx |2009-11-20 19:30:22 Wah.. untung aku gak pernah dapet email kyk gitu.. dan gak mungkin aku terima email dr facebook soalnya semua notification aku off kan Reply | Quote 0   0

saifudin80  - terima kasih     |125.164.200.xxx |2009-11-21 14:07:28 wow Reply | Quote 0   0

vinasAm  - salam     |125.162.123.xxx |2009-11-21 22:09:45 wagh. terimakasih infonya. berarti harus selalu berhati-hati. Reply | Quote 0   0

louboutin     |123.161.70.xxx |2009-11-27 23:05:36 is could haveLouboutin known also as the best cheap UGG Boots idea ever. Mattel Barbie has Christian Louboutin on sale always rocking the Christian Louboutin, as the ladies of wear Christian Louboutin shoes it! Now that which lv is most of us grew up, we probably do Louis Vuitton not think of Barbie too MBT Shoes You are looking for here http://www.sellugg.co.uk http://www.buylouboutin.com http://www.salelouboutin.com http://www.bestlouisvuitton.com still Barbies. New-style Christian LouboutinChristian LouboutinChristian Louboutin EveningChristian Louboutin Pumpsstill BarbiesChristian Louboutin SandalsChristian LouboutinChristian Louboutin Bootsstill Barbies. Christian Louboutin Wedgesstill BarbiesChristian Louboutin Peep-toeLouboutinChristain Louboutin SlingbackChristain Louboutin Mary JanesChristian LouboutinManolo BlahnikJimmy Choostill BarbiesYves Saint LaurentChanel Shoesstill Barbies. Gucci shoesTory Burch shoesBottega VenetaChristian LouboutinBalmainLanvinEd HardyAlexander Mc... Reply | Quote 0   0

come n share  - come n share     |202.152.195.xxx |2009-12-10 04:45:18 wah..nice info sob..perlu nih di beritahukan ke teman2 fzbukers.. Reply | Quote 0   0

suzhu  - ngomen     |110.136.241.xxx |2009-12-10 22:42:01 iya nih aq pernah dapet tapi gag pernah aq confirm. thank ya dah kasih tau Reply | Quote 0   0

SAUDAGAR  - Saudagar Network     |114.56.145.xxx |2009-12-14 19:21:19 thanks infonya Reply | Quote 0   0

pangeran9999  - ponsel     |125.167.57.xxx |2009-12-23 21:16:57 bagus brow...thank infonya brow.!!! Reply | Quote 0   0

uggs on sale-ugg outlet store  - http://www.ugg-sales.net:Uggs on sale at uggs outl     |58.22.79.xxx |2010-01-22 20:54:27 Thank u for sharing,very good and useful for me.I will have eyes on your post,and i am Looking forward to more better posts! Reply | Quote 0   0

corpse   |95.132.92.xxx |2010-02-02 14:08:16 ooo... o-k-k- Reply | Quote 0   0

gaga  - Help     |125.163.142.xxx |2010-02-13 05:59:32 Tolong, rasany si udah discan dan dihapus. Tapi pas startup ko ada RUNDLL ma di box tulisannya : Error loading qtru.lfo The specific module could not be found. Gimana ngilangin box nya???? Tolong semuanya Reply | Quote 0   0

MBT  - http://www.mbtshoeshop-online.com MBT     |220.161.100.xxx |2010-04-28 04:15:36 Democrats, Pressuring G.O.P., Unite on Finance Bill.mbt shoes** Senate Democrats said sale mbt** Sunday that they had bridged internal party differences and mbt** coalesced around a plan louboutin shoes** to tighten regulation of derivatives, the complex financial instruments that christian louboutin shoes** were a major factor in christian louboutin shoes** the 2008 economic crisis. The proposed derivatives louboutin shoes** rules are an christian louboutin shoes** important part of the effort to strengthen louboutin sale** regulation of the ????** nation’s financial system, ????** and seem certain to ??sf** anger some of Wall ????** Street’s biggest players. louboutin** The agreement among christian louboutin** Democrats would shoes christian louboutin** combine overlapping christian shoes** proposals on designer shoes** derivatives by the high heels shoes** banking and agriculture christian louboutin pumps** committees, christian louboutin short boots** and it raised th... Reply | Quote 0   0

cheap nfl jerseys  - http://www.nflfansjersey.com nfl jerseys     |59.58.175.xxx |2010-04-28 16:41:53 G.O.P. Blocks Debate on ed hardy clothing** Financial Oversight cheap nfl jerseys** Bill.Senate nfl football jerseys** Republicans, nfl jerseys** united in opposition to the youth nfl jerseys** Democrats’ youth nfl jerseys** legislation to nfl throwback jerseys** tighten regulation nfl jersey** of the financial ed hardy** system, Eagles Jersey** voted on Monday Saints Jersey** to block the Raiders Jersey** bill Ravens Jersey** from reaching Patriots Jersey** the floor Jets Jersey** for debate. Vikings Jersey** As both sides 49ers Jersey** dug in, Packers Jersey** the battle Giants Jersey** has huge Bears Jersey** ramifications Dolphins Jersey** for the Steelers Jersey** economy and Cowboys Jersey** for their political Terrell Owens Jersey prospects John Elway Jersey in this Tony Romo Jersey year’s midterm Jason Witten Jersey elections. Brandon Jacobs Jersey Republicans Aaron Rodgers Jersey said they Ed Reed Jersey were intent Ray Rice Jersey on winning Troy Polamalu Jersey subst... Reply | Quote 0   0

ed hardy  - www.ed-hardy.cc     |59.58.175.xxx |2010-05-10 21:03:46 How to Date Vintage Nike Shoes by the Numbers. ed hardy clothing** Nike shoes are very popular high quality and ed hardy** high performance sports shoes. hardy shirts** Nike shoes are also very attractively styles. kobe jersey This makes them collectors items with many people purchasing, lebron jersey and collecting vintage Nike shoes. A purchase seeking to purchase kevin jersey vintage Nike shoes needs to Paul jersey be able to spot a real shoe from a fake Tim jersey and to be able to know when a shoe was Tracy McGrady jersey made by looking at the style numbers. Jason kidd jersey Here are instructions on Tony jersey how to date vintage Nike shoes by the numbers. Dirk jersey Look inside the Nike shoe for Kevin jersey the woven fabric tag. Penny jersey Nike shoe tags are always woven and not plastic-like or paper. Carmelo jersey Read the numbers on the tag. Dwight Howard jersey Each tag has a series of numbers. Gilbert Arenas jersey You will see the product release... Reply | Quote 0   0

mbt shoes  - http://www.cheap-mbt-shoes.net/     |61.201.61.xxx |2010-05-31 22:05:25 Good Walking Shoes for Problem Feet. mbt shoes** Foot problems can be indicators walking shoes** of more serious health issues. mbt** Shoe companies holding a mbt schuhe** seal of approval from the American cheap mbt shoes** Podiatric Medical Association (APMA) swiss shoes** are noted to contribute to proper foot health for barefoot shoes** people suffering from foot conditions. mtb shoes ** Proper walking shoes have preventative and anti shoes** corrective measures, including proper support mbt sale** and cushioning for ankles, soles and heels. masai** Proper Walking Techniques:A walker's foot masai shoes** hits heel first and should roll off the heel upward. posture shoes** Low supportive heels that are mbt shoes clearance** rounded are best to help you walk mbt walking shoes** properly and will reduce conditions with feet, joints and legs. mbt footwear** Rockport Walker:Rockport styles are mbt outlet** highly noted by the APMA Seal of Acceptance. mbt shoes sale** R... Reply | Quote 0   0

????  - http://www.kicksf.com     |120.40.145.xxx |2010-07-27 22:04:16 The $700 billion bailout bill what is this monster. ???? by writing this book i get a second crack at the greatest financial disaster facing our nation since the ???? great depression mortgage and credit crisis of 2008. ???? As I consider my thoughts, ???? stock markets have crashed world wide, ???? unemployment is rising, home prices continue to head south, ???? and many Americans(unless they make their ?????? living off of home foreclosures) ?????? feel like there is no end in sight to the bad economic news. ??sf To many of us,it feels like we're sinking, ???? but there are repair crews in scuba gear ???? trying to patch the holes in the bow.???? As passengers we're not sure if the ship can be saved. Reply | Quote 0   0

Write comment
Name:
Email:	do not notifynotify
Website:
Title:
UBBCode:	-color-aquablackbluefuchsiagraygreenlimemaroonnavyolivepurpleredsilvertealwhiteyellow -size-tinysmallmediumlargehuge
	Please input the anti-spam code that you can read in the image.

Powered by !JoomlaComment 3.26

3.26 Copyright (C) 2008 Compojoom.com / Copyright (C) 2007 Alain Georgette / Copyright (C) 2006 Frantisek Hliva. All rights reserved."