New MySpace and Facebook Worm Target Social Networks

Well another reason for you guys (and gals) to avoid social networks, a new worm is spreading. Again they are using the same ploys that have been leveraged for years on e-mail and instant messaging.

Trust is gained as the message or link/video/etc comes from a known source so people are more likely to click/open/play it and infect themselves.

Just because a “friend” sends you something on Facebook or MySpace doesn’t mean you should trust it.

A new worm is spreading via Facebook and MySpace, turning victims’ computers into zombies on a botnet, Kaspersky Lab said on Friday.

Basically, infected machines are propagating the worm by sending messages via the social networks to friends in the network.

The messages look like they contain links to video clips. When clicked on they prompt the recipient to download an executable file that purports to be the latest version of Flash Player. Instead, it is the worm itself, infecting yet another victim.

It seems this one is not just interested in spamming your wall or putting something stupid or embarrassing in your profile.

This social networking worm is another vector for installing an actual executable on your computer and turning your machine into a zombie.

When infected machines log onto the social networks the next time their computers automatically send the malicious messages out to new victims grabbed from the friend list, said Ryan Naraine, security evangelist at Kaspersky.

“We’ve seen these types of worms before, typically around MySpace,” he said. “People are more trusting of things they receive from a friend,” and many people don’t recognize that what they are downloading isn’t a legitimate Flash Player file, but a malicious program.

Naraine repeated the refrain that security professionals have been spreading for years: be careful about downloading anything to your computer, even if it appears to come from a friend; and be diligent about applying security patches to your computer.

The same warnings apply to this as anything else, don’t download unknown executables! Definitely don’t install anything that you didn’t download yourself and have scanned with an up to date antivirus package.

Even if it comes from someone you know it doesn’t mean they actually sent it, you better ask them first if they really meant to send it or they are infected with something.

Source: Cnet (Thanks to Navin)

Posted in: Malware, Privacy, Web Hacking

, , , , , ,

Latest Posts:

Socialscan - Command-Line Tool To Check For Email And Social Media Username Usage Socialscan – Command-Line Tool To Check For Email And Social Media Username Usage
socialscan is an accurate command-line tool to check For email and social media username usage on online platforms, given an email address or username,
CFRipper - CloudFormation Security Scanning & Audit Tool CFRipper – CloudFormation Security Scanning & Audit Tool
CFRipper is a Python-based Library and CLI security analyzer that functions as an AWS CloudFormation security scanning and audit tool
CredNinja - Test Credential Validity of Dumped Credentials or Hashes CredNinja – Test Credential Validity of Dumped Credentials or Hashes
CredNinja is a tool to quickly test credential validity of dumped credentials (or hashes) across an entire network or domain very efficiently.
assetfinder - Find Related Domains and Subdomains assetfinder – Find Related Domains and Subdomains
assetfinder is a Go-based tool to find related domains and subdomains that are related to a given domain from a variety of sources including Facebook and more.
Karkinos - Beginner Friendly Penetration Testing Tool Karkinos – Beginner Friendly Penetration Testing Tool
Karkinos is a light-weight Beginner Friendly Penetration Testing Tool, which is basically a 'Swiss Army Knife' for pen-testing and/or hacking CTF's.
Aclpwn.Py - Exploit ACL Based Privilege Escalation Paths in Active Directory Aclpwn.Py – Exploit ACL Based Privilege Escalation Paths in Active Directory is a tool that interacts with BloodHound< to identify and exploit ACL based privilege escalation paths.

9 Responses to New MySpace and Facebook Worm Target Social Networks

  1. Morgan Storey August 18, 2008 at 12:14 pm #

    Thanks Navin. Interesting, unfortunately this is just more non-it’s getting duped to run something they shouldn’t.

    @Darknet: so where can we submit articles? You have my email address, but I don’t have yours (can’t find it on the site). PS my offer still stands to assist moderating posts, or heck moderate a forum and move most of the post out of comments.

  2. Pantagruel August 18, 2008 at 1:14 pm #

    Again the human factor is put to the test.
    Can he/she resist the temptation of opening the attachment from an unknown source, perhaps these finally do contain X-rated pic of the favorite musician/actor/…

    @Morgan Storey
    Use the Contact Darknet option

  3. Navin August 18, 2008 at 2:53 pm #

    @ Pantagruel needn’t be a actor/actress……last yr during the soccer world cup, a worm which was titled “|\|ude Soccer World Cup” infected thousands of users who clicked on it

    Guess “|\|ude” is the key word

    BTW Cheers :)

    And I repeat, Damn the Spam filter!!!!!! :(

  4. Morgan Storey August 19, 2008 at 12:15 am #

    @Navin and Pantagruel: A long time ago I had a firewall that created a fake C drive that an attacker would see if they got through, I filled it with a tiny win95 install and in my documents I had Diablo3_secretdemo.exe which was just a renamed virus I had saved and tweaked so that it basically crashed the target and didn’t spread, I only got two skiddies. I watched it in the logs ip blah connected… ip blah change directory, IP blah downloaded Diablo3_secretdemo.exe ip blah uploaded sub7.exe, ip blah dropped connection… hahahah.
    See not all motivators are sex.
    Thems where the days though.

    @Navin: I think a moderated system, or login system would be better.

    @Darknet: I have been checking out your other blogs, and email is on its way with some ot questions.

  5. eM3rC August 19, 2008 at 5:29 am #

    I understand that people will fall for the nude pics or free games but there are also the people that had their kids set up a facebook profile for them or were convinced by their kids to set up an email.

    With this in mind, many people will fall for these scams just because they have no knowledge of the computer world, period. This includes random things they get on social networks to getting basic protection for their computer.

    Knowledge is power and protection, too many people don’t have this :P

  6. Navin August 19, 2008 at 7:32 am #

    Hey which firewall was that?? Would love to take it on a spin….one of my fave pastimes is bugging skiddies who’re constantly on my back!! :)

  7. Morgan Storey August 19, 2008 at 8:24 am #

    @Navin: Your lucky I have a mind like a steal trap, I remembered what it was called, it only defeats the Netbus trojan attack, so you will need to have your firewall open (nat etc), even then I don’t like your chances, this was a worry to me back in 98, but now…

    I just thought of one though, as I have seen a lot of VNC traffic hit firewalls and even servers in the past. Simply create a VM, put the 4.11 RealVNC on it (known vulerability that allows no password to be defined by the client) and on the unlocked desktop put a file that you have constructed to do something nasty, then let them at you :P
    I have a weekend project :P

  8. Pantagruel August 19, 2008 at 8:46 am #

    @Morgan Storey

    True, the possible finding of a yet to appear piece of software will definitely attract attention.

    I’ve had a honeypot running for several month but disconnected it eventually. I got fed up with all the skiddies having a go at it. Our email/web/ssh/etc server still gets attacked twice (on average) a day (ssh brute forcing,dir traverse trials,etc) which gives me enough logs to peruse.

    have phun with your weekend project ;)

  9. Navin August 19, 2008 at 11:31 am #

    10x U Morgan for the link, but this isn’t what I’d initially thought it was :(

    But do report on how Ur “project” turns out!! :)