Worm attacks Facebook
2008-08-06 08:46
- Article Tools
- Share
- Get News24 on
Fanie van Rooyen
Johannesburg - Users of social networking sites like Facebook and MySpace need to look out for a new worm virus that apparently has been designed specifically to target them.
Kaspersky Lab, a leader in online security, recently identified these two new variants of the worm.
Rosemary Viljoen of PURE communications said in a statement issued this week on behalf of Kaspersky Lab, that the worms Net-Worm.Win32.Koobface.a. and Net-Worm.Win32.Koobface.b, which attack MySpace and Facebook respectively, transform victims' computers into zombie computers to form so-called botnets.
A botnet is a network of zombie computers that, without any instruction from their users, automatically carries out a series of instructions from the worm software.
Malicious modules
"Even though the worms are currently only infecting MySpace and Facebook users, Kaspersky Lab analysts are warning users that the worms are designed to upload additional malicious modules with other functionality via the internet," Viljoen said.
"It is highly probable that victim machines will not only be used for spreading links via these social networking sites but the botnets will also be used for other malicious and illegal purposes."
Net-worm.win32.koobface.a. spreads when a user accesses his MySpace profile. The worm creates a range of commentaries which are sent to friends' accounts.
Net-Worm.Win32.Koobface.b, which targets Facebook users, creates spam messages and sends them to the infected users' friends via the Facebook site so that the user's friends will also be infected.
Strange, attention-grabbing messages
The viruses create strange, attention-grabbing messages on the profiles of infected MySPace and Facebook profiles.
The messages and comments include texts such as Paris Hilton Tosses Dwarf On The Street; Examiners Caught Downloading Grades From The Internet; Hello; You must see it!!! LOL. My friend catched you on hidden cam; Is it really celebrity? Funny Moments; and many others.
The messages and comments include links to http://youtube.[skip].pl. If the user clicks on this link, he is redirected to http://youtube.[skip].ru, a site which purportedly contains a video clip.
If the user tries to watch it, a message appears saying that he needs the latest version of Flash Player in order to watch the clip.
However, instead of the latest version of Flash Player, a file called codecsetup.exe is downloaded to the victim machine, which is also a network worm.
'Users are very trusting'
"Unfortunately, users are very trusting of messages left by 'friends' on social networking sites," said Alexander Gostev, a senior virus analyst at Kaspersky Lab.
"So the likelihood of a user clicking on a link like this is very high. At the beginning of 2008 we predicted that we'd see an increase in cybercriminals exploiting MySpace, Facebook and similar sites and we're now seeing evidence of this.
"I'm sure that this is simply the first step, and that virus writers will continue to target these resources with increased intensity," Gostev said.
Users are advised to make sure their anti-virus software is recently updated to be able to identify the new worms.
- Beeld