Web worms squirm through Facebook, MySpace

Summary:My colleagues at Kaspersky Lab (see disclosure) have intercepted two new worms squirming through MySpace and Facebook, using social engineering lures to plant malware on Windows systems.The worms propagate via the comments features on the two popular social networks, using video lures and fake Flash Player downloads to trick end users into installing malicious executables.

Cross-network worm squirms through Facebook, MySpace
My colleagues at Kaspersky Lab (see disclosure) have intercepted two new worms squirming through MySpace and Facebook, using social engineering lures to plant malware on Windows systems.

The worms propagate via the comments features on the two popular social networks, using video lures and fake Flash Player downloads to trick end users into installing malicious executables.

As part of their malicious payload, the worms transform victim machines into zombie computers to form botnets. Even though the worms are currently only infecting MySpace and Facebook users, Kaspersky Lab analysts are warning users that the worms are designed to upload additional malicious modules with other functionality via the Internet. It is highly probable that victim machines will not only be used for spreading links via these social networking sites, but the botnets will also be used for other malicious purposes.

Some of the messages and comments posted to the social network sites include:

  • Paris Hilton Tosses Dwarf On The Street
  • Examiners Caught Downloading Grades From The Internet
  • Hello; You must see it!!! LOL. My friend catched you on hidden cam
  • Is it really celebrity? Funny Moments and many others.

The messages and comments include links to a fake YouTube-like site. Clicking on the link redirects the targer to another YouTube clone fitted with a note to download the latest version of Adobe's Flash Player.

Web worms squirm through Facebook, MySpace

However, instead of the latest version of Flash Player, a file called codesetup.exe is downloaded to the victim machine; this file is also a network worm.  Kaspersky said its security suite detected the threats proactively and signatures were added to the database on July 31, 2008.

The use of Flash Player downloads as the social engineering enticement is interesting. For the most part, malicious hackers have used fake codecs alongside video lures but, since Flash Player downloads are a normal part of the Web surfing experience, the likelihood that end users fall for this latest trick is rather high.

As usual, if you're on a social networking site, you are encouraged to pay close attention to executables downloaded to Windows machines, keep your machine fully patched and run updated anti-malware software.

* Image source: Gastev's Flickr photostream (Creative Commons 2.0)

Topics: Collaboration, Browser, Networking, Security, Social Enterprise

About

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues. He is currently security evangelist at Kaspersky Lab, an anti-malware company with operations around the globe. He is taking a leadership role in developing the company's online community initiative around secure content managem... Full Bio

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.