Fw: Facebook worm!

[Guest guest]

Facebook worm!

 

 

Hi All,

I want you to watch out for a serious computer worm inundating FACEBOOK! That’s why I don’t believe in visiting such social sites, they can be very costly. You need to remember to delete temporary itnernet files and cookies, AS WELL AS don't go to any sites/web links that ANYBODY else can access, and, of course update your antivirus/antispyware protection and scan at least once a month. Makes sense doesn't it?

 

Please be careful,

Peggy Pope

CAppTech

Computer Applications and Technology Service

My comments are included in bold print.

 

For those of you who use Facebook, you should read the following:

 

This is from a Tech informational article:

Koobface, Other Worms Target Facebook Friends (NewsFactor)

Posted on Thu Mar 5, 2009 11:31AM EST

The link for your reference is: http://tech./news/nf/20090305/tc_nf/65095

 

As Facebook works to make itself more relevant and timely for its growing member base with a profile page makeover, attackers seem to be working overtime to steal the identities of the friends, fans and brands that connect though the social-networking site.

 

Indeed, Facebook has seen five different security threats in the past week. According to Trend Micro, four new hoax applications are attempting to trick members into divulging their usernames and passwords. And a new variant of the Koobface worm is running wild on the site, installing malware on the computers of victims who to a fake YouTube video.

 

The Koobface worm is dangerous. It can be dropped by other malware and downloaded unknowingly by a user when visiting malicious Web sites, Trend Micro reports. When attackers execute the malware, it searches for cookies created by online social networks. The latest variant is targeting Facebook, but earlier variants have also plagued MySpace.

 

Koobface's Wicked Agenda

Once Koobface finds the social-networking cookies, it makes a DNS query to check IP addresses that correspond to remote domains. Trend Micro explains that those servers can send and receive information about the affected machine. Once connected, the malicious user can remotely perform commands on the victim's machine.

 

"Once cookies related to the monitored social-networking Web sites are located, it connects to these Web sites using the user log-in session stored in the cookies. It then navigates through pages to search for the user's friends. If a friend has been located, it sends an HTTP POST request to the server," Trend Micro reports.

 

Ultimately, the worm's agenda is to transform the victim's computer into a zombie and form botnets for malicious purposes. Koobface attempts to do this by composing a message and sending it to the user's friends. The message contains a link to a Web site where a copy of the worm can be downloaded by unsuspecting friends. And the cycle repeats itself.

 

An Attractive Face(book)

Malware authors are investing more energy in Facebook and other social-networking sites because that effort pays off, according to Michael Argast, a security analyst at Sophos. Facebook alone has more than 175 million users, which makes it an attractive target.

 

"Many computer users have been conditioned not to open an attachment from an e-mail or click a link found within, but won't think twice about checking out a hot new video linked to by a trusted friend on Facebook," Argast said.

 

Argast called the Koobface worm a mix of something old and something new. The new is using social networks as a method to spread malware. The old is using fake codec Trojans linked to a saucy video to induce the user to install the malware.

 

Argast said people can protect themselves by running up-to-date antivirus software, restricting which Facebook applications they install, thinking twice before clicking on links from friends and never, never installing a codec from some random Web site in the hopes of catching some celebrity in a compromised situation.

 

"I would expect to see more attacks on Facebook," Argast said. "As long as this is a successful propagation method, the bad guys will double down and invest more. They are entirely motivated by financial gain. If it pays, they'll continue to romp in your social playgrounds."

 

 

For your reference, the following I found at the Cornell University website and their link I have listed after the title:

 

Destructive Koobface virus turns up on Facebook

The link for your reference is: http://www.cit.cornell.edu/catc/cms/security/upload/ComputerSecurityatCornell2009-2.pdf

 

Facebook’s 120 million users are being targeted by a virus dubbed “Koobface” that uses the social network’s messaging system to infect PCs, then tries to gather sensitive information such as credit card numbers.

 

It is the latest attack by hackers increasingly looking to prey on users of social networking sites. “A few other viruses have tried to use Facebook in similar ways to propagate themselves,” Facebook spokesman Barry Schnitt said in an email. He said a “very small percentage of users” had been affected by these viruses.

 

“It is on the rise, relative to other threats like e-mails,” said Craig Schmugar, a researcher with McAfee Inc. Koobface spreads by sending notes to friends of someone whose PC has been infected. The messages, with subject headers like, “You look just awesome in this new movie,” direct recipients to a website where they are asked to download what it claims is an update of Adobe Systems Inc’s Flash player. If they download the software, users end up with an infected computer, which then takes users to contaminated sites when they try to use search engines from Google, , MSN and Live.com, according McAfee. McAfee warned in a blog entry on Wednesday that its researchers had discovered that Koobface was making the rounds on Facebook.

 

Facebook requires senders of messages within the network to be members and hides user data from people who do not have accounts, said Chris Boyd, a researcher with FaceTime Security Labs. Because of that, users tend to be far less suspicious of messages they receive in the network.

 

“People tend to let their guard down. They think you’ve got to log in with an account, so there is no way that worms and other viruses could infect them,” Boyd said. Privately held Facebook has told members to delete contaminated emails and has posted directions at http://www.facebook.com/security on how to clean infected computers.

 

Richard Larmer, chief executive of RLM Public Relations in New York, said he threw out his PC after it became infected by Koobface, which downloaded malicious software onto his PC. It was really bad. It destroyed my computer,” he said.

 

McAfee has not yet identified the perpetrators behind Koobface, who are improving the malicious software behind the virus in a bid to outsmart security at Facebook and MySpace. “The people behind it are updating it, refining it, adding new functionalities,” said McAfee’s Schmugar.