Well another reason for you guys (and gals) to avoid social networks, a new worm is spreading. Again they are using the same ploys that have been leveraged for years on e-mail and instant messaging.
Trust is gained as the message or link/video/etc comes from a known source so people are more likely to click/open/play it and infect themselves.
Just because a “friend” sends you something on Facebook or MySpace doesn’t mean you should trust it.
A new worm is spreading via Facebook and MySpace, turning victims’ computers into zombies on a botnet, Kaspersky Lab said on Friday.
Basically, infected machines are propagating the worm by sending messages via the social networks to friends in the network.
The messages look like they contain links to video clips. When clicked on they prompt the recipient to download an executable file that purports to be the latest version of Flash Player. Instead, it is the worm itself, infecting yet another victim.
It seems this one is not just interested in spamming your wall or putting something stupid or embarrassing in your profile.
This social networking worm is another vector for installing an actual executable on your computer and turning your machine into a zombie.
When infected machines log onto the social networks the next time their computers automatically send the malicious messages out to new victims grabbed from the friend list, said Ryan Naraine, security evangelist at Kaspersky.
“We’ve seen these types of worms before, typically around MySpace,” he said. “People are more trusting of things they receive from a friend,” and many people don’t recognize that what they are downloading isn’t a legitimate Flash Player file, but a malicious program.
Naraine repeated the refrain that security professionals have been spreading for years: be careful about downloading anything to your computer, even if it appears to come from a friend; and be diligent about applying security patches to your computer.
The same warnings apply to this as anything else, don’t download unknown executables! Definitely don’t install anything that you didn’t download yourself and have scanned with an up to date antivirus package.
Even if it comes from someone you know it doesn’t mean they actually sent it, you better ask them first if they really meant to send it or they are infected with something.
Source: Cnet (Thanks to Navin)