Microsoft is warning of a new social engineering campaign aimed at tricking users into installing a backdoor Trojan.
"The messages used to lure in users vary, but they all lead to fake YouTube pages," writes Help Net Security's Zeljka Zorz. "Once there, the user is urged to download a new version of 'Video Embed ActiveX Object' in order to play the video file."
"Unfortunately, the offered setup.exe file is the Caphaw Trojan, which bypasses firewalls, installs an FTP and a proxy server and a keylogger on the affected machine," Zorz writes.
Go to "Backdoor Trojan pushed via versatile Facebook campaign" to read the details.
For regular security news updates, follow eSecurityPlanet on Twitter: @eSecurityP.