New MySpace and Facebook Worm Target Social Networks

Well another reason for you guys (and gals) to avoid social networks, a new worm is spreading. Again they are using the same ploys that have been leveraged for years on e-mail and instant messaging.

Trust is gained as the message or link/video/etc comes from a known source so people are more likely to click/open/play it and infect themselves.

Just because a “friend” sends you something on Facebook or MySpace doesn’t mean you should trust it.

A new worm is spreading via Facebook and MySpace, turning victims’ computers into zombies on a botnet, Kaspersky Lab said on Friday.

Basically, infected machines are propagating the worm by sending messages via the social networks to friends in the network.

The messages look like they contain links to video clips. When clicked on they prompt the recipient to download an executable file that purports to be the latest version of Flash Player. Instead, it is the worm itself, infecting yet another victim.

It seems this one is not just interested in spamming your wall or putting something stupid or embarrassing in your profile.

This social networking worm is another vector for installing an actual executable on your computer and turning your machine into a zombie.

When infected machines log onto the social networks the next time their computers automatically send the malicious messages out to new victims grabbed from the friend list, said Ryan Naraine, security evangelist at Kaspersky.

“We’ve seen these types of worms before, typically around MySpace,” he said. “People are more trusting of things they receive from a friend,” and many people don’t recognize that what they are downloading isn’t a legitimate Flash Player file, but a malicious program.

Naraine repeated the refrain that security professionals have been spreading for years: be careful about downloading anything to your computer, even if it appears to come from a friend; and be diligent about applying security patches to your computer.

The same warnings apply to this as anything else, don’t download unknown executables! Definitely don’t install anything that you didn’t download yourself and have scanned with an up to date antivirus package.

Even if it comes from someone you know it doesn’t mean they actually sent it, you better ask them first if they really meant to send it or they are infected with something.

Source: Cnet (Thanks to Navin)

Posted in: Malware, Privacy, Web Hacking

, , , , , ,

Latest Posts:

Fuzzilli - JavaScript Engine Fuzzing Library Fuzzilli – JavaScript Engine Fuzzing Library
Fuzzilii is a JavaScript engine fuzzing library, it's a coverage-guided fuzzer for dynamic language interpreters based on a custom intermediate language.
OWASP APICheck - HTTP API DevSecOps Toolset OWASP APICheck – HTTP API DevSecOps Toolset
APICheck is an HTTP API DevSecOps toolset, it integrates existing tools, creates execution chains easily and is designed for integration with 3rd parties.
trident - Automated Password Spraying Tool trident – Automated Password Spraying Tool
The Trident project is an automated password spraying tool developed to be deployed on multiple cloud providers and provides advanced options around scheduling
tko-subs - Detect & Takeover Subdomains With Dead DNS Records tko-subs – Detect & Takeover Subdomains With Dead DNS Records
tko-subs is a tool that helps you to detect & takeover subdomains with dead DNS records, this could be dangling CNAMEs point to hosting services and more.
Arcane - Tool To Backdoor iOS Packages (iPhone ARM) Arcane – Tool To Backdoor iOS Packages (iPhone ARM)
Arcane is a simple script tool to backdoor iOS packages (iPhone ARM) and create the necessary resources for APT repositories.
SharpHose - Asynchronous Password Spraying Tool SharpHose – Asynchronous Password Spraying Tool
SharpHose is an asynchronous password spraying tool in C# for Windows environments that takes into consideration fine-grained password policies and can be run over Cobalt Strike's execute-assembly.

9 Responses to New MySpace and Facebook Worm Target Social Networks

  1. Morgan Storey August 18, 2008 at 12:14 pm #

    Thanks Navin. Interesting, unfortunately this is just more non-it’s getting duped to run something they shouldn’t.

    @Darknet: so where can we submit articles? You have my email address, but I don’t have yours (can’t find it on the site). PS my offer still stands to assist moderating posts, or heck moderate a forum and move most of the post out of comments.

  2. Pantagruel August 18, 2008 at 1:14 pm #

    Again the human factor is put to the test.
    Can he/she resist the temptation of opening the attachment from an unknown source, perhaps these finally do contain X-rated pic of the favorite musician/actor/…

    @Morgan Storey
    Use the Contact Darknet option

  3. Navin August 18, 2008 at 2:53 pm #

    @ Pantagruel needn’t be a actor/actress……last yr during the soccer world cup, a worm which was titled “|\|ude Soccer World Cup” infected thousands of users who clicked on it

    Guess “|\|ude” is the key word

    BTW Cheers :)

    And I repeat, Damn the Spam filter!!!!!! :(

  4. Morgan Storey August 19, 2008 at 12:15 am #

    @Navin and Pantagruel: A long time ago I had a firewall that created a fake C drive that an attacker would see if they got through, I filled it with a tiny win95 install and in my documents I had Diablo3_secretdemo.exe which was just a renamed virus I had saved and tweaked so that it basically crashed the target and didn’t spread, I only got two skiddies. I watched it in the logs ip blah connected… ip blah change directory, IP blah downloaded Diablo3_secretdemo.exe ip blah uploaded sub7.exe, ip blah dropped connection… hahahah.
    See not all motivators are sex.
    Thems where the days though.

    @Navin: I think a moderated system, or login system would be better.

    @Darknet: I have been checking out your other blogs, and email is on its way with some ot questions.

  5. eM3rC August 19, 2008 at 5:29 am #

    I understand that people will fall for the nude pics or free games but there are also the people that had their kids set up a facebook profile for them or were convinced by their kids to set up an email.

    With this in mind, many people will fall for these scams just because they have no knowledge of the computer world, period. This includes random things they get on social networks to getting basic protection for their computer.

    Knowledge is power and protection, too many people don’t have this :P

  6. Navin August 19, 2008 at 7:32 am #

    Hey which firewall was that?? Would love to take it on a spin….one of my fave pastimes is bugging skiddies who’re constantly on my back!! :)

  7. Morgan Storey August 19, 2008 at 8:24 am #

    @Navin: Your lucky I have a mind like a steal trap, I remembered what it was called, it only defeats the Netbus trojan attack, so you will need to have your firewall open (nat etc), even then I don’t like your chances, this was a worry to me back in 98, but now…

    I just thought of one though, as I have seen a lot of VNC traffic hit firewalls and even servers in the past. Simply create a VM, put the 4.11 RealVNC on it (known vulerability that allows no password to be defined by the client) and on the unlocked desktop put a file that you have constructed to do something nasty, then let them at you :P
    I have a weekend project :P

  8. Pantagruel August 19, 2008 at 8:46 am #

    @Morgan Storey

    True, the possible finding of a yet to appear piece of software will definitely attract attention.

    I’ve had a honeypot running for several month but disconnected it eventually. I got fed up with all the skiddies having a go at it. Our email/web/ssh/etc server still gets attacked twice (on average) a day (ssh brute forcing,dir traverse trials,etc) which gives me enough logs to peruse.

    have phun with your weekend project ;)

  9. Navin August 19, 2008 at 11:31 am #

    10x U Morgan for the link, but this isn’t what I’d initially thought it was :(

    But do report on how Ur “project” turns out!! :)