Web worms squirm through Facebook, MySpace
Summary: My colleagues at Kaspersky Lab (see disclosure) have intercepted two new worms squirming through MySpace and Facebook, using social engineering lures to plant malware on Windows systems.The worms propagate via the comments features on the two popular social networks, using video lures and fake Flash Player downloads to trick end users into installing malicious executables.
My colleagues at Kaspersky Lab (see disclosure) have intercepted two new worms squirming through MySpace and Facebook, using social engineering lures to plant malware on Windows systems.
The worms propagate via the comments features on the two popular social networks, using video lures and fake Flash Player downloads to trick end users into installing malicious executables.
As part of their malicious payload, the worms transform victim machines into zombie computers to form botnets. Even though the worms are currently only infecting MySpace and Facebook users, Kaspersky Lab analysts are warning users that the worms are designed to upload additional malicious modules with other functionality via the Internet. It is highly probable that victim machines will not only be used for spreading links via these social networking sites, but the botnets will also be used for other malicious purposes.
Some of the messages and comments posted to the social network sites include:
- Paris Hilton Tosses Dwarf On The Street
- Examiners Caught Downloading Grades From The Internet
- Hello; You must see it!!! LOL. My friend catched you on hidden cam
- Is it really celebrity? Funny Moments and many others.
The messages and comments include links to a fake YouTube-like site. Clicking on the link redirects the targer to another YouTube clone fitted with a note to download the latest version of Adobe's Flash Player.
However, instead of the latest version of Flash Player, a file called codesetup.exe is downloaded to the victim machine; this file is also a network worm. Kaspersky said its security suite detected the threats proactively and signatures were added to the database on July 31, 2008.
The use of Flash Player downloads as the social engineering enticement is interesting. For the most part, malicious hackers have used fake codecs alongside video lures but, since Flash Player downloads are a normal part of the Web surfing experience, the likelihood that end users fall for this latest trick is rather high.
As usual, if you're on a social networking site, you are encouraged to pay close attention to executables downloaded to Windows machines, keep your machine fully patched and run updated anti-malware software.
* Image source: Gastev's Flickr photostream (Creative Commons 2.0)
Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.
Talkback
Facebook and Myspace Worm & Viruses
They need to go to jail or pay with some real dollars for what they have done....end of story....
Good luck...
[b]The messages and comments include links to a fake YouTube-like site. Clicking on the link redirects the targer to another YouTube clone fitted with a note to download the latest version of Adobe?s Flash Player.[/b]
What makes you think they DON'T already scan stuff being uploaded to their servers..?
Answer: The links are pointing to ANOTHER site all together - a FAKE one that serves up worms and malware. They can scan their site all they want - but if the files are elsewhere - it's not going to stop the problem.
And yes, you DO have the right to sue anyone who creates a virus or other malware. Good luck finding them. They're not exactly going to publish their names anywhere nor are they going to necessarily sign their viruses with their names and address'. They're not stupid. They know full well they're doing something that's ILLEGAL and will get them a prison sentence if they ever got caught.
Good luck ?????????????
or my space??????????????
You can play with the words all you like. The
result is the same.
Thanks for the people at ZD NET . thanks again.
ciere
As absurd as a may sound
They COULD help. If they cared.
RE: They could help. If they cared.
I use Firefox, and I have it set to warn me if I am being redirected; or with the Web of Trust addon, if the site is dangerous.
[b]What's on your computer??? - IE[/b]
make the kids pay for not listening to you
My 18 year old got the malware that changes the wallpaper to a spyware warning while on Facebook last week on his brand new laptop he is bringing to college. He is quite knowlegable and claims he did not download anything intentionally. He did not have to reinstall the OS but he Googled for solutions and ended up running a few specialized cleaners and fixed things.
His problem I am convinced was caused by the fact that his college requires a "Norton Product" on any computer to be connected to the college's network. On our home systems we use Kaspersky Internet Security and rarely if ever have anything severe happen despite the kids using AIM, Facebook, browsing gaming sites, etc... Since my son was prepping his laptop for college he has Norton 2008 on it. The only advantage is that the college will suport the students' systems. Personally I have never had very good luck with Norton.
True
Freudian Slip?
malware sweety not maleware, must be a Freudian slip. Are you by chance female?
DOS is dead...
DOS lives on in many ways.
If you are using windows you have DOS. While the switch the NT based kernels finally got away from the DOS kernel which was the heart of the Win 9x series you still find DOS at the core of windows. Microsoft would love to eliminate it but doing so would make system administration far more difficult. Many applications are designed to run in DOS even to this day. When you go shopping odds are good that the cash register is running XP but the actual application is a DOS app. If you boot into Partition magic your booting into DOS. FreeDOS is alive and well. As somebody else said OSX and Linux both offer excellent support for DOS. There are so many legacy apps that never got ported to windows, people just love to play them.
As a primary end user OS, yes DOS is pretty much dead. There was a project which included the FreeDOS kernel to run on older hardware in third world countries during the late 90s. Linux supplanted DOS as the OS used for those computers in the 00s. There are still a few ancient computers around which cannot run modern Operating systems and a few die hard DOS enthusiest around. A couple years I finally retired a 10 year old DOS machine which could not run Linux or Windows on it's staggering 3 megs of RAM and Cyrix chip. It did however run a couple old DOS based games I still liked to play. It was a great machine for my daughter to play around on because she couldn't mess it up. She learned her first typing skills and gaming skills on that machine.
As for vulnerabilities, windows is wide open to such attacks and will be for some time. It's just been far easier to exploit VBA. So easy hackers have gotten lazy and forgotten how to program.
Last if you dis DOS your dissing windows. Windows has changed but in many ways is still that clumsy GUI haphazardly tossed on top of DOS.
Thank God for DOS
I'm sure there is software out there that could have help me do what I wanted. But, why spend $$$, then learn something new when I have something that will do the trick?
DOS still lives for some of us. I will always have it in the cupboard. Some of my old DOS utilities are a charm. Especially for globally manipulating raw data.
DOS is important
RE: Web worms squirm through Facebook, MySpace
Besides, properly crafted DOS programs will run just fine in XP and Vista, even Linux platforms.
RE: Web worms squirm through Facebook, MySpace
RE: Web worms squirm through Facebook
We have allowed Bill Gates to create the biggest empire of wealth in America, perhaps the world, by being his "beta testers" for the Windows operating system. The government had them by the balls, so to speak, a few years back. But the empire still grows day by day, year by year. We have invested so much in software that runs on Windows, there seems to be no way out unless they market a processor chip that will run anything handed it.
When it comes to Windows, I'm not, and have never been, a happy camper. My computer skills started with an Apple IIe, then DOS on a PC, then Windows 3.11, then Win 95, Win 2000, Win XP, and now I use Win Vista. I have seen the "blue screen of death" in all the Windows OSs.
I saw a blog subtitle that said "DOS is dead". I want to state that Windows 3.11 ran under DOS. We installed DOS then added Windows from diskettes at the command line. Windows Vista still has the old "command line" but its functionality has apparently been crippled...some of the commands i used to be able to execute won't work anymore. So now Windows controls DOS which inhibits users from having all the power they used to. However, does Windows really deserve to have the power? They haven't shown me they are trustworthy, because 1.-Vista is on "autopilot" for constantly receiving security updates, 2.-my antivirus software updates daily, 3.-I can't operate my OS safely WITHOUT the use of a firewall. In my opinion, all these components should be WITHIN the OS and be so perfectly programmed that update is not necessary. I know this is just a dream however, and probably will never be a reality. We are only human.
Perhaps computers could be programmed to write an operating system that would be better. But I don't trust computers enough to allow them to do such a thing, (remember Termintor?)
Finally, are we going to have enough energy in years to come to continue to run computers anyway?
RE: Web worms squirm through Facebook, MySpace
Problem is that you have to extradite many of them first <NT>
Another reason to use Linux for Web activities.
This attack is targeted at kids who just are not aware of how to protect themselves.
It's not practical to run Windows in this environment.
RE: Web worms squirm through Facebook, MySpace
Who's the stupid one now?