Josep Albors, laboratory director of ESET, has warned that this is a “network of ‘bots’ called ‘PokerAgent’, which has been tracked since 2012, and whose purpose is to gain access to Facebook data and defraud victims”.
Among the countries where the threat has been most active is Israel, with 800 computers infected and more than 16,000 stolen Facebook credentials.
“Monitoring of MSIL/Agent.NKY (the Trojan’s generic name) revealed that at least 800 computers had been infected, and the attacker had at least 16,194 unique entries in their database of Facebook credentials as of 20 March 2012. These numbers do not correspond exactly to the number of valid credentials stolen, as there may be many more that we have not found. However, from what we see, not all entries were valid, and many users whom the attacker tried to deceive entered obviously false usernames and passwords,” Albors assured.
Operation of the virus
The Trojan is programmed to log into a Facebook account and obtain the account’s statistics for ‘Zynga Poker’ (one of the largest online poker sites in the world), along with details of the user’s payment methods, for example, credit cards.
‘PokerAgent’ only cares about the user’s gender, their points and their ranking, in order to determine the forms of payment linked to that account.
Furthermore, the virus can carry out various tasks on behalf of the infected account, such as posting links on the user’s Facebook wall that lead ‘friends’ or other users to a fake Facebook login page, in order to compromise their profiles as well and steal their usernames and passwords.
Once logged on to Facebook, the Trojan posts the link on the user’s wall. The pages offer sensational news that may arouse the curiosity of those who access them.
Unlike other Trojans that try to invade Facebook, this one does not interfere with the profile; it searches for users with data worth stealing (poker game statistics or credit cards) in order to use it or sell it to third parties.
After being alerted, Facebook has already carried out the relevant prevention efforts to thwart future attacks on stolen accounts.