Facebook worm finds a friend in Google Reader

According to researchers at Fortinet, the worm's creators are wrapping Google's RSS reader around fake video downloads as part of a strategy to strengthen the social engineering component of the attack. From Fortinet's advisory:

• This "hop" via a Google Reader share serves an essential purpose: it gives the targeted user the feeling that the video is hosted on Google. Thus it must be safe. Combo that with the "it's a message from a friend" factor, which naturally lowers down users' wariness shields, and you get quite a good chance of seeing your victim perform the dreaded click.

[ SEE: Web worms squirm through Facebook, MySpace ]

Fortinet researcher Guillaume Lovet believes the cyber-criminals behind the Facebook worms registered Google Reader accounts (either manually, or automatically via phishing operations or automated CAPTCHA solvers) for the sole purpose of loading them with links to malicious sites.

Fake video lures are used to infect Windows machines with rogue security software.

Image source: Jacob Botter's Flickr photostream (Creative Commons 2.0)