Web worms squirm through Facebook, MySpace

Web worms squirm through Facebook, MySpace

Summary: My colleagues at Kaspersky Lab (see disclosure) have intercepted two new worms squirming through MySpace and Facebook, using social engineering lures to plant malware on Windows systems.The worms propagate via the comments features on the two popular social networks, using video lures and fake Flash Player downloads to trick end users into installing malicious executables.


Cross-network worm squirms through Facebook, MySpaceMy colleagues at Kaspersky Lab (see disclosure) have intercepted two new worms squirming through MySpace and Facebook, using social engineering lures to plant malware on Windows systems.

The worms propagate via the comments features on the two popular social networks, using video lures and fake Flash Player downloads to trick end users into installing malicious executables.

As part of their malicious payload, the worms transform victim machines into zombie computers to form botnets. Even though the worms are currently only infecting MySpace and Facebook users, Kaspersky Lab analysts are warning users that the worms are designed to upload additional malicious modules with other functionality via the Internet. It is highly probable that victim machines will not only be used for spreading links via these social networking sites, but the botnets will also be used for other malicious purposes.

Some of the messages and comments posted to the social network sites include:

  • Paris Hilton Tosses Dwarf On The Street
  • Examiners Caught Downloading Grades From The Internet
  • Hello; You must see it!!! LOL. My friend catched you on hidden cam
  • Is it really celebrity? Funny Moments and many others.

The messages and comments include links to a fake YouTube-like site. Clicking on the link redirects the targer to another YouTube clone fitted with a note to download the latest version of Adobe's Flash Player.

Web worms squirm through Facebook, MySpace

However, instead of the latest version of Flash Player, a file called codesetup.exe is downloaded to the victim machine; this file is also a network worm.  Kaspersky said its security suite detected the threats proactively and signatures were added to the database on July 31, 2008.

The use of Flash Player downloads as the social engineering enticement is interesting. For the most part, malicious hackers have used fake codecs alongside video lures but, since Flash Player downloads are a normal part of the Web surfing experience, the likelihood that end users fall for this latest trick is rather high.

As usual, if you're on a social networking site, you are encouraged to pay close attention to executables downloaded to Windows machines, keep your machine fully patched and run updated anti-malware software.

* Image source: Gastev's Flickr photostream (Creative Commons 2.0)

Topics: Collaboration, Browser, Networking, Security, Social Enterprise

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • Facebook and Myspace Worm & Viruses

    Well it seems that these viruses and the associated infections are cleverly disguised as usual and of course my kids although educated in the problems with downloading flies ingnored my statements regarding this possibility and their computers have ground to a halt....I think that the 40 to 80 manhours should be reimbursed to all computer owners that need to reinstall their systems...I also think the these site should scan all uploads and downloads as part of their responsibilities in managing a money making (for them) endeavor. I also think I should have the right to sue any one that creates a virus or unsolicited maleware download for my time needed to recover from their downloads....

    They need to go to jail or pay with some real dollars for what they have done....end of story....
    • Good luck...

      If you had bothered reading the article, you would have noticed a few things that make your suggested solutions null and void.

      [b]The messages and comments include links to a fake YouTube-like site. Clicking on the link redirects the targer to another YouTube clone fitted with a note to download the latest version of Adobe?s Flash Player.[/b]

      What makes you think they DON'T already scan stuff being uploaded to their servers..?

      Answer: The links are pointing to ANOTHER site all together - a FAKE one that serves up worms and malware. They can scan their site all they want - but if the files are elsewhere - it's not going to stop the problem.

      And yes, you DO have the right to sue anyone who creates a virus or other malware. Good luck finding them. They're not exactly going to publish their names anywhere nor are they going to necessarily sign their viruses with their names and address'. They're not stupid. They know full well they're doing something that's ILLEGAL and will get them a prison sentence if they ever got caught.
      • Good luck ?????????????

        Why was no one told of the problem by facebook
        or my space??????????????

        You can play with the words all you like. The
        result is the same.

        Thanks for the people at ZD NET . thanks again.
      • As absurd as a may sound

        but some of these guys will disclose their identities on cracker sites. However, trying to sue someone in a foreign country can be like trying to hit the jackpot in a lottery.
      • They COULD help. If they cared.

        I know the malware content is not on their servers. They cannot stop other sites from pushing out malware on unsuspecting end users. They could be black listing links to external sites that <u>are</u> doing this. Especially like in this case where it is becoming widely known. They are making large amounts of money marketing their users. In this case, many of them are teens. They do have an ethic responsibility to do so. What are they going to do when all of the users can't use their computer because it is so loaded with malware? They should be held accountable for not taking steps. They <u>do</u> have a responsibility to act upon this. Their site directed them to the content. They cannot do something if they do not know about it, but if they chose to do nothing, they should be liable. If the ZDnet community knows about it, so should they.
        • RE: They could help. If they cared.

          [b]Why don't you enforce some security in your browser?[/b]

          I use Firefox, and I have it set to warn me if I am being redirected; or with the Web of Trust addon, if the site is dangerous.

          [b]What's on your computer??? - IE[/b]
    • make the kids pay for not listening to you

      depending upon their age, this can be monetary or in services, loss of computer time, or insist they learn to research the issue and fix their own system. I assure you they will not ignore your warnings again.

      My 18 year old got the malware that changes the wallpaper to a spyware warning while on Facebook last week on his brand new laptop he is bringing to college. He is quite knowlegable and claims he did not download anything intentionally. He did not have to reinstall the OS but he Googled for solutions and ended up running a few specialized cleaners and fixed things.

      His problem I am convinced was caused by the fact that his college requires a "Norton Product" on any computer to be connected to the college's network. On our home systems we use Kaspersky Internet Security and rarely if ever have anything severe happen despite the kids using AIM, Facebook, browsing gaming sites, etc... Since my son was prepping his laptop for college he has Norton 2008 on it. The only advantage is that the college will suport the students' systems. Personally I have never had very good luck with Norton.
      • True

        n other words, if a satellite in a geostationary orbit is in a certain place above the earth, it will stay in that same spot above the earth. ( http://www.highspeedsat.com/geostationary-satellites.php ) Its latitude stays at zero and its longitude remains constant. In contrast to geostationary orbits, Medium Earth Orbit and Low Earth Orbit satellites constantly change their positions in relation to the surface of the earth. A single geostationary satellite will provide coverage over about 40 percent of the planet.
    • Freudian Slip?

      "I also think I should have the right to sue any one that creates a virus or unsolicited maleware download for my time needed to recover from their downloads.."

      malware sweety not maleware, must be a Freudian slip. Are you by chance female?
      Leslie The Computer Lady
  • DOS is dead...

    Are ALL OSX computers so out of date..? MS-DOS is dead. And it's been for a number of years. So why are they saying it's an MS-DOS executable? It's a Windows executable... Sheesh...
    • DOS lives on in many ways.

      First off it's probably not a DOS app at all. Microsoft still calls exes DOS apps. It's legacy code from the Windows 3.11 days. Any terminal based app will be called a "DOS" application by Windows even if it spawns a windows app.

      If you are using windows you have DOS. While the switch the NT based kernels finally got away from the DOS kernel which was the heart of the Win 9x series you still find DOS at the core of windows. Microsoft would love to eliminate it but doing so would make system administration far more difficult. Many applications are designed to run in DOS even to this day. When you go shopping odds are good that the cash register is running XP but the actual application is a DOS app. If you boot into Partition magic your booting into DOS. FreeDOS is alive and well. As somebody else said OSX and Linux both offer excellent support for DOS. There are so many legacy apps that never got ported to windows, people just love to play them.

      As a primary end user OS, yes DOS is pretty much dead. There was a project which included the FreeDOS kernel to run on older hardware in third world countries during the late 90s. Linux supplanted DOS as the OS used for those computers in the 00s. There are still a few ancient computers around which cannot run modern Operating systems and a few die hard DOS enthusiest around. A couple years I finally retired a 10 year old DOS machine which could not run Linux or Windows on it's staggering 3 megs of RAM and Cyrix chip. It did however run a couple old DOS based games I still liked to play. It was a great machine for my daughter to play around on because she couldn't mess it up. She learned her first typing skills and gaming skills on that machine.

      As for vulnerabilities, windows is wide open to such attacks and will be for some time. It's just been far easier to exploit VBA. So easy hackers have gotten lazy and forgotten how to program.

      Last if you dis DOS your dissing windows. Windows has changed but in many ways is still that clumsy GUI haphazardly tossed on top of DOS.
      • Thank God for DOS

        Hey, I agree with you draciron. I have a laptop that was running W98 (factory loaded). I wanted to put XP on it, but kept having problems. Not sure what problems right now. I booted to DOS, pulled out some of my old DOS utilities and viola up and running.

        I'm sure there is software out there that could have help me do what I wanted. But, why spend $$$, then learn something new when I have something that will do the trick?

        DOS still lives for some of us. I will always have it in the cupboard. Some of my old DOS utilities are a charm. Especially for globally manipulating raw data.
        • DOS is important

          I saved some critical documents when I lost one HD in a RAID setup and could not boot. I was able to boot to DOS and copy files off the bad drives the old fashioned way.
  • RE: Web worms squirm through Facebook, MySpace

    DOS is far from dead and still used in a lot of legacy applications along with many people who still run the old win98.
    Besides, properly crafted DOS programs will run just fine in XP and Vista, even Linux platforms.
  • RE: Web worms squirm through Facebook, MySpace

    I wonder if virus/worm writers understand that they're making Microsoft rich by forcing users into upgrades that they may not need, simply to get a clean install?
    • RE: Web worms squirm through Facebook

      I have said for years that Microsoft should be put out of business or either not charge for their operating systems because the are in fact "still in beta". There should be no loopholes or security problems if/when a TRUE operating system exists. If a problem is discovered/found, then it wasn't fully tested and should have never been released. Comprendi?

      We have allowed Bill Gates to create the biggest empire of wealth in America, perhaps the world, by being his "beta testers" for the Windows operating system. The government had them by the balls, so to speak, a few years back. But the empire still grows day by day, year by year. We have invested so much in software that runs on Windows, there seems to be no way out unless they market a processor chip that will run anything handed it.

      When it comes to Windows, I'm not, and have never been, a happy camper. My computer skills started with an Apple IIe, then DOS on a PC, then Windows 3.11, then Win 95, Win 2000, Win XP, and now I use Win Vista. I have seen the "blue screen of death" in all the Windows OSs.

      I saw a blog subtitle that said "DOS is dead". I want to state that Windows 3.11 ran under DOS. We installed DOS then added Windows from diskettes at the command line. Windows Vista still has the old "command line" but its functionality has apparently been crippled...some of the commands i used to be able to execute won't work anymore. So now Windows controls DOS which inhibits users from having all the power they used to. However, does Windows really deserve to have the power? They haven't shown me they are trustworthy, because 1.-Vista is on "autopilot" for constantly receiving security updates, 2.-my antivirus software updates daily, 3.-I can't operate my OS safely WITHOUT the use of a firewall. In my opinion, all these components should be WITHIN the OS and be so perfectly programmed that update is not necessary. I know this is just a dream however, and probably will never be a reality. We are only human.

      Perhaps computers could be programmed to write an operating system that would be better. But I don't trust computers enough to allow them to do such a thing, (remember Termintor?)

      Finally, are we going to have enough energy in years to come to continue to run computers anyway?
  • RE: Web worms squirm through Facebook, MySpace

    When spammers hackers are caught they should get more then a slap on the hand. Prison time would , I think have a good impact on them to change there ways.
    • Problem is that you have to extradite many of them first <NT>

  • Another reason to use Linux for Web activities.

    It's time to punch the Window's ticket and get something you don't need to worry about.

    This attack is targeted at kids who just are not aware of how to protect themselves.

    It's not practical to run Windows in this environment.
  • RE: Web worms squirm through Facebook, MySpace

    I tried to convince MySpace that there was a virus/worm on people's pages twice (2nd time I even took a screen shot of the offending worm trying to install itself). They told me I didn't know what I was talking about, that it must be my computer. I told them that I was using Ubuntu (linux) the 2nd time when I took the screen shot (even though it was supposedly a Windows Update). Still told me I didn't know what I was talking about.

    Who's the stupid one now?