Trojan horse: Warning about voucher advertising on Facebook

There is currently an ad for various vouchers circulating in the ads on Facebook (on the right in the window). The first voucher is called “Vouchers 4 free” which supposedly gives you mobile phone credit, free minutes etc. and the second voucher, which is called “100 free minutes free” gives you 100 free minutes on all German networks! Both vouchers are supposedly available on a domain called “voucherjunky”! After clicking on the ad, you end up on the page where a video is supposed to be played to you. Instead of a video, an error message appears stating that Java should be updated. At the same moment, the download of an executable file begins, which Virustotal detects as harmful.

This is what these vouchers look like:

 

UPDATE: January 13, 2012 (Thanks Andre)
But it can also come via the domain wellness…de
(see URL on the two images)

After clicking on the ad, you end up on the page where a video is supposed to be played to you:

After a few seconds the following window opens:

This message then opens:

If you click OK here, this window will open!

Here you should now download an *exe file (executable file)!

And there is a Trojan horse hiding behind this file!
The “original” name of fer . exe is actually crj . exe

The following malicious software is hidden behind this file:

• Trojan.Win32.VB.amm
• Win32/VB.AMM
• trojan
• Generic
• VB.b
• trojan
• TROJ_VB.BLD

and the properties are

• Affects the security of the system.
• Self-installs into the registry.

We can't say exactly what damage this file causes!
But one thing is certain! This file is up to no good!

Please NEVER load and open such executable files (*. exe) if they are “sent” via Facebook! Such files can cause significant damage!