Anonymous' buzzworthy threat to take down Facebook on November 5th (Guy Fawkes Day) came and went without a hitch. But did the hacktivist group really just drop its mission to take down the social network?


It appears not. Yesterday, Anonymous released a video (see below) saying its programmers have uploaded a "highly sophisticated worm" that takes control of your Facebook account and spreads to your friends' accounts without you being logged in.

According to the video, which you can see below, the so-called "Fawkes Virus" has advanced network self-replication and remote abilities. Once it seizes your account, it spreads itself by making friend requests, sending private messages, and posting malicious links to your friends' wallsall without your knowledge. Anonymous also said the Fawkes Virus resembles 2008's Koobface worm which attacked Facebook and MySpace, however the Fawkes virus also receives commands from a remote attacker so it acts like a botnet too.

Based on this description, BitDefender thinks it has identified the worm using Safego, its free anti-scam protection for social networks.

"Backdoor.Bifrose.AAJX" is a backdoor that surfaced on July 8, the same day Anonymous claims it uploaded its virus. The malware gives authors full, unauthorized access to users' accounts, and hides itself by injecting malicious code into the memory process of Internet Explorer, which is how it deletes registry entries in firewalls and antivirus software.

It also acts as a keylogger, meaning it records your keystrokes as a way of stealing passwords, login names, and other sensitive information.

Like most Facebook malware, this one is spread through social engineering. It offers up a link to "New Facebook Video Chat with Voice Features," but if you click the link you begin downloading a poisoned archive called "scan_facebook.zip."

"Once it compromises a system, Backdoor-Bifrose-AAJXdoes pretty much what the hacktivists say, which is: injects itself in IE process, provides a remote attacker unhindered access to the compromised system, records keystrokes and kills several processes of known antimalware solutions, if installed on the computer," wrote George Lucian Petre, product manager of social media security at BitDefender, in a blog post.

But Petre said there are two reasons to think this is not the actual Fawkes Virus. First, the malware doesn't have the self-replication component Anonymous said it would. And second, a well-written Facebook worm backed by a clever social engineering strategy should be spreading pretty rapidly, which is not the case with Backdoor.Bifrose.AAJX. Furthermore most anti-scam protection detects this.

Back in July, Anonymous called on hackers to help it "destroy" Facebook on Guy Fawkes Day, under Operation Facebook. Weeks after the announcement was made, Anonymous clarified it was not actually taking down the social network, prompting many to think it was backing down.

Could the "Fawkes virus" be a reincarnation of Operation Facebook?

"After the worm gets under control, Anonymous will use this to its advantage against corruption, and as an alternative attack towards groups who take on Anonymous. We are Anonymous. We are a legion. We do not forgive. We do not forget. Expect us," the video says.

A commenter of the YouTube video who bills himself as a "legitimate member of Anonymous" said the virus was aimed at Facebook servers, not user accounts.http://securitywatch.pcmag.com/none/290546-anonymous-unleashes-facebook-worm-fawkes-virus