17 August 2008 | 7,011 views

New MySpace and Facebook Worm Target Social Networks

Check Your Web Security with Acunetix

Well another reason for you guys (and gals) to avoid social networks, a new worm is spreading. Again they are using the same ploys that have been leveraged for years on e-mail and instant messaging.

Trust is gained as the message or link/video/etc comes from a known source so people are more likely to click/open/play it and infect themselves.

Just because a “friend” sends you something on Facebook or MySpace doesn’t mean you should trust it.

A new worm is spreading via Facebook and MySpace, turning victims’ computers into zombies on a botnet, Kaspersky Lab said on Friday.

Basically, infected machines are propagating the worm by sending messages via the social networks to friends in the network.

The messages look like they contain links to video clips. When clicked on they prompt the recipient to download an executable file that purports to be the latest version of Flash Player. Instead, it is the worm itself, infecting yet another victim.

It seems this one is not just interested in spamming your wall or putting something stupid or embarrassing in your profile.

This social networking worm is another vector for installing an actual executable on your computer and turning your machine into a zombie.

When infected machines log onto the social networks the next time their computers automatically send the malicious messages out to new victims grabbed from the friend list, said Ryan Naraine, security evangelist at Kaspersky.

“We’ve seen these types of worms before, typically around MySpace,” he said. “People are more trusting of things they receive from a friend,” and many people don’t recognize that what they are downloading isn’t a legitimate Flash Player file, but a malicious program.

Naraine repeated the refrain that security professionals have been spreading for years: be careful about downloading anything to your computer, even if it appears to come from a friend; and be diligent about applying security patches to your computer.

The same warnings apply to this as anything else, don’t download unknown executables! Definitely don’t install anything that you didn’t download yourself and have scanned with an up to date antivirus package.

Even if it comes from someone you know it doesn’t mean they actually sent it, you better ask them first if they really meant to send it or they are infected with something.

Source: Cnet (Thanks to Navin)



Recent in Malware:
- Microsoft’s Anti-Malware Action Cripples Dynamic DNS Service No-IP
- Pirated ‘Watch Dogs’ Game Made A Bitcoin Mining Botnet
- Hook Analyser 3.1 – Malware Analysis Tool

Related Posts:
- Koobface Worm Variant Hits Facebook
- The First Reported Facebook Worm/Malware Pops Up – Secret Crush
- FBController – The Ultimate Utility to Control Facebook Accounts

Most Read in Malware:
- Nasty Trojan Zeus Evades Antivirus Software - 77,288 views
- Hospital Hacker GhostExodus Owns Himself – Arrested - 47,434 views
- US considers banning DRM rootkits – Sony BMG - 44,922 views

Advertise on Darknet

9 Responses to “New MySpace and Facebook Worm Target Social Networks”

  1. Morgan Storey 18 August 2008 at 12:14 pm Permalink

    Thanks Navin. Interesting, unfortunately this is just more non-it’s getting duped to run something they shouldn’t.

    @Darknet: so where can we submit articles? You have my email address, but I don’t have yours (can’t find it on the site). PS my offer still stands to assist moderating posts, or heck moderate a forum and move most of the post out of comments.

  2. Pantagruel 18 August 2008 at 1:14 pm Permalink

    Again the human factor is put to the test.
    Can he/she resist the temptation of opening the attachment from an unknown source, perhaps these finally do contain X-rated pic of the favorite musician/actor/…

    @Morgan Storey
    Use the Contact Darknet option http://www.darknet.org.uk/contact-darknet

  3. Navin 18 August 2008 at 2:53 pm Permalink

    @ Pantagruel needn’t be a actor/actress……last yr during the soccer world cup, a worm which was titled “|\|ude Soccer World Cup” infected thousands of users who clicked on it

    Guess “|\|ude” is the key word

    BTW Cheers :)

    And I repeat, Damn the Spam filter!!!!!! :(

  4. Morgan Storey 19 August 2008 at 12:15 am Permalink

    @Navin and Pantagruel: A long time ago I had a firewall that created a fake C drive that an attacker would see if they got through, I filled it with a tiny win95 install and in my documents I had Diablo3_secretdemo.exe which was just a renamed virus I had saved and tweaked so that it basically crashed the target and didn’t spread, I only got two skiddies. I watched it in the logs ip blah connected… ip blah change directory, IP blah downloaded Diablo3_secretdemo.exe ip blah uploaded sub7.exe, ip blah dropped connection… hahahah.
    See not all motivators are sex.
    Thems where the days though.

    @Navin: I think a moderated system, or login system would be better.

    @Darknet: I have been checking out your other blogs, and email is on its way with some ot questions.

  5. eM3rC 19 August 2008 at 5:29 am Permalink

    I understand that people will fall for the nude pics or free games but there are also the people that had their kids set up a facebook profile for them or were convinced by their kids to set up an email.

    With this in mind, many people will fall for these scams just because they have no knowledge of the computer world, period. This includes random things they get on social networks to getting basic protection for their computer.

    Knowledge is power and protection, too many people don’t have this :P

  6. Navin 19 August 2008 at 7:32 am Permalink

    Hey which firewall was that?? Would love to take it on a spin….one of my fave pastimes is bugging skiddies who’re constantly on my back!! :)

  7. Morgan Storey 19 August 2008 at 8:24 am Permalink

    @Navin: Your lucky I have a mind like a steal trap, I remembered what it was called, it only defeats the Netbus trojan attack, so you will need to have your firewall open (nat etc), even then I don’t like your chances, this was a worry to me back in 98, but now…
    http://www.megasecurity.org/Security/netbuster1.31.htm

    I just thought of one though, as I have seen a lot of VNC traffic hit firewalls and even servers in the past. Simply create a VM, put the 4.11 RealVNC on it (known vulerability that allows no password to be defined by the client) and on the unlocked desktop put a file that you have constructed to do something nasty, then let them at you :P
    I have a weekend project :P

  8. Pantagruel 19 August 2008 at 8:46 am Permalink

    @Morgan Storey

    True, the possible finding of a yet to appear piece of software will definitely attract attention.

    I’ve had a honeypot running for several month but disconnected it eventually. I got fed up with all the skiddies having a go at it. Our email/web/ssh/etc server still gets attacked twice (on average) a day (ssh brute forcing,dir traverse trials,etc) which gives me enough logs to peruse.

    have phun with your weekend project ;)

  9. Navin 19 August 2008 at 11:31 am Permalink

    10x U Morgan for the link, but this isn’t what I’d initially thought it was :(

    But do report on how Ur “project” turns out!! :)