
Has Anonymous Released the Facebook-Attacking 'Guy Fawkes' Virus as Backdoor.Win32.Bifrose.aajx?

Posted: November 15, 2011

Although Facebook users should be well used to being exposed to scams by now, the hacktivist group known as Anonymous may be responsible for introducing a particularly dangerous new scam to the waters of Facebook's social wading pool. This new PC threat, a variant of Bifrose-based backdoor trojans, distributes itself via fake Facebook video updates and, once installed, allows remote criminals a substantial level of access to an infected PC. Our malware researchers recommend that anyone who is exposed to Backdoor.Win32.Bifrose.aajx (which has also been speculated to be the Guy Fawkes virus) should immediately scan their computers with competent anti-malware programs to make sure that their operating systems haven't been compromised by security alterations and other attacks. However, as long as you avoid the scam link while you're using Facebook, you should have little to fear from current forms of this Anonymous attack.

Backdoor.Win32.Bifrose.aajx: Not Quite the Virus of Anonymous' Boasts, but Close Enough to Harm Your PC

Backdoor.Win32.Bifrose.aajx is distributed, like many other types of PC threats, by way of mislabeled Facebook links that pretend to offer video chat features instead of what they're really offering, which is the installation of a backdoor trojan. Other than the general lack of functionality in the link itself, you may not see symptoms of Backdoor.Win32.Bifrose.aajx being installed or attacking your PC. The majority of the traits that hacker-activist group Anonymous claimed to be a part of their latest PC threat to 'destroy Facebook' are found in Backdoor.Win32.Bifrose.aajx, including:

  • Infecting the system processes for Internet Explorer, allowing Backdoor.Win32.Bifrose.aajx to launch whenever IE does without an independent process that could be detected or shut down.
  • Monitoring keystrokes (AKA typing) from your keyboard, storing this information in log files and sending these log files to external servers on a pre-scheduled basis.
  • Disabling anti-malware programs by attacking their system processes.
  • Allowing criminal hackers to control your PC via a remote Egypt-based command server.

The following is a video directly from the Anonymous hacker group, uploaded to YouTube. Take note of their 'intentions' for utilizing the Fawkes Virus, spoken in a computerized tone.

Rejection to the Targeted Facebook Opposition

Some have rejected the idea that Anonymous, or for that matter the Fawkes Virus, is responsible for a recent influx of Facebook spam or attacks. This view was initially shared by user AnonymousWiki on the Pastebin site. Basically, the AnonymousWiki writer denied that Anonymous or the Fawkes Virus effort was the culprit behind a Facebook social engineering outbreak. Because the most recent attack on Facebook was comprised of a vast amount of hardcore porn content, some researchers immediately drew the conclusion that Anonymous and the Fawkes virus were responsible. After all, the date on which the Anonymous hacker group pledged to take down Facebook was November 5th, also dubbed Guy Fawkes Day. Looking closely at the Backdoor.Win32.Bifrose.aajx malware, however, it lacks self-replication. This missing trait is usually what would drive such a heinous attack on Facebook. Bottom line, we are probably dealing with a plausible event that is coincidental at the same time.

Solid Protection Against the Fawkes Virus Hacking Spree

Despite possessing characteristic backdoor trojan traits, this supposed Fawkes virus lacks any ability to propagate by copying itself or infecting new system processes, and so must use Facebook to spread to new computers. Backdoor.Win32.Bifrose.aajx is also identified by the aliases TROJAN.WIN32.BUZUS.GWUD and BCK/BIFROST.GEN and, based on the Arabic text of its Facebook link, appears to be focused on infecting Middle Eastern Facebook users.

Once translated from Arabic, this Fawkes virus link claims to provide 'New Facebook Video Chat with Voice Features' functionality. As long as you avoid interacting with this fake link, Backdoor.Win32.Bifrose.aajx shouldn't be able to infect your PC, although anti-malware software may be required to remove Backdoor.Win32.Bifrose.aajx once infection has occurred. As of mid-November 2011, Backdoor.Win32.Bifrose.aajx is still a very recent PC threat, and you should be prepared with fully patched security software to have a good chance of detecting or deleting a Backdoor.Win32.Bifrose.aajx infection if your PC is attacked.
