Trojan.Facebook.311 is a malicious plug-in for Google Chrome and Mozilla Firefox that installs under the names Chrome Service Pack and Mozilla Service Pack. It is distributed as a “browser update” installer that carries a digital signature issued in the name of Updates LTD by Comodo. Once a browser with the malicious extension installed is launched, Trojan.Facebook.311 connects to a remote command and control server and receives a configuration file. The Trojan can automatically install updates after specified periods of time.
Once the webpage is fully loaded, the plug-in waits for the user to log in to Facebook. After the user has logged in, the Trojan can perform the following actions on the user's behalf:
- “Like” something
- Post a specified status update
- Create a specified post on a Timeline
- Join a specified group
- Comment on a post
- Invite people from a contact list to a group
- Send a specified message to people from a contact list
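
The two extension names given above can be used to check browser profiles for this plug-in. The following is an added example, not part of the original description: it assumes the standard on-disk layouts (Chrome `Extensions/<id>/<version>/manifest.json`, Firefox `extensions.json` with an `addons` list), and the function names are hypothetical.

```python
import json
import os
import sys

# Extension display names reported in this description of Trojan.Facebook.311.
SUSPECT_NAMES = {"chrome service pack", "mozilla service pack"}


def _names_from_file(path):
    """Yield display names from a Chrome manifest.json or a Firefox
    extensions.json; unreadable or malformed files yield nothing."""
    try:
        with open(path, encoding="utf-8-sig") as fh:
            data = json.load(fh)
    except (OSError, ValueError):  # ValueError covers bad JSON and bad UTF-8
        return
    if not isinstance(data, dict):
        return
    if os.path.basename(path) == "manifest.json":
        # Chrome layout (assumed): one manifest per installed version.
        # Localized "__MSG_...__" names are not resolved here.
        yield data.get("name")
    else:
        # Firefox layout (assumed): one "addons" entry per add-on.
        addons = data.get("addons")
        for addon in addons if isinstance(addons, list) else []:
            locale = addon.get("defaultLocale") if isinstance(addon, dict) else None
            if isinstance(locale, dict):
                yield locale.get("name")


def find_suspect_extensions(profile_root):
    """Walk a browser profile tree and return sorted (path, name) hits."""
    hits = []
    for dirpath, _dirs, files in os.walk(profile_root):
        for fname in files:
            if fname not in ("manifest.json", "extensions.json"):
                continue
            path = os.path.join(dirpath, fname)
            for name in _names_from_file(path):
                if isinstance(name, str) and name.strip().lower() in SUSPECT_NAMES:
                    hits.append((path, name))
    return sorted(hits)


if __name__ == "__main__" and len(sys.argv) > 1:
    for hit_path, hit_name in find_suspect_extensions(sys.argv[1]):
        print(f"{hit_name}\t{hit_path}")
```

A name match only flags a profile for review; because the Trojan updates itself, a later version may install under a different name.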