New worms target both MySpace and Facebook users
Kaspersky Lab, a leading developer of secure content management systems, has
detected two variants of a new worm, Networm.Win32.Koobface.a. and
Networm.Win32.Koobface.b, which attack MySpace and Facebook respectively. As
part of their malicious payload, the worms transform victim machines into zombie
computers to form botnets.
Even though the worms are currently only infecting MySpace and Facebook users
Kaspersky Lab analysts are warning users that the worms are designed to upload
additional malicious modules with other functionality via the Internet. It is
highly probable that victim machines will not only be used for spreading links
via these social networking sites, but the botnets will also be used for other
malicious purposes.
Net-Worm.Win32.Koobface.a spreads when a user accesses his/ her MySpace
account. The worm creates a range of commentaries to friends' accounts.
Net-Worm.Win32.Koobface.b, which targets Facebook users, creates spam messages
and sends them to the infected users' friends via the Facebook site.
The messages and comments include texts such as "Paris Hilton Tosses Dwarf
On The Street"; "Examiners Caught Downloading Grades From The
Internet"; "Hello; You must see it!!! LOL. My friend catched you on
hidden cam"; "Is it really celebrity? Funny Moments and many
others".
Messages and comments on MySpace and Facebook include links to
youtube.[skip].pl. If the user clicks on this link, s/he is redirected to
http//youtube.[skip].ru, a site which purportedly contains a video clip. If the
user tries to watch it, a message appears saying that s/he needs the latest
version of Flash Player in order to watch the clip. However, instead of the
latest version of Flash Player, a file called codesetup.exe is downloaded to the
victim machine; this file is also a network worm. The result is that users who
have come to the site via Facebook will have the MySpace worm downloaded to
their machines, and vice versa.
"Unfortunately, users are very trusting of messages left by
'friends' on social networking sites. So the likelihood of a user
clicking on a link like this is very high", says Alexander Gostev, Senior
Virus Analyst at Kaspersky Lab. "At the beginning of 2008 we predicted
(http://www.viruslist.com/en/analysis?pubid=204791987#tendencies ) that we'd
see an increase in cybercriminals exploiting MySpace, Facebook and similar
sites, and we're now seeing evidence of this. I'm sure that this is
simply the first step, and that virus writers will continue to target these
resources with increased intensity".
Kaspersky Internet Security 2009 detected these threats proactively and
signatures were added to the database on July 31, 2008.
Kaspersky Lab Information Service
10/1 1st Volokolamsky Proezd, Moscow, 123060, Russia
Tel./Fax: +7 495 797 87 00
e-mail: timur.tsoriev@kaspersky.com
http://www.kaspersky.com; http://www.viruslist.com
Visit us online at www.kaspersky.com/press
0 Comments
Catat Ulasan