Saturday, March 07, 2009

Getting viruses from friends

And washing your hands won't help:
...Facebook has seen five different security threats in the past week. According to Trend Micro, four new hoax applications are attempting to trick members into divulging their usernames and passwords. And a new variant of the Koobface worm is running wild on the site, installing malware on the computers of victims who click on a link to a fake YouTube video.

The Koobface worm is dangerous. It can be dropped by other malware and downloaded unknowingly by a user when visiting malicious Web sites, Trend Micro reports. When attackers execute the malware, it searches for cookies created by online social networks. The latest variant is targeting Facebook, but earlier variants have also plagued MySpace.

Koobface's Wicked Agenda

Once Koobface finds the social-networking cookies, it makes a DNS query to check IP addresses that correspond to remote domains. Trend Micro explains that those servers can send and receive information about the affected machine. Once connected, the malicious user can remotely perform commands on the victim's machine.

"Once cookies related to the monitored social-networking Web sites are located, it connects to these Web sites using the user log-in session stored in the cookies. It then navigates through pages to search for the user's friends. If a friend has been located, it sends an HTTP POST request to the server," Trend Micro reports.

Ultimately, the worm's agenda is to transform the victim's computer into a zombie and form botnets for malicious purposes. Koobface attempts to do this by composing a message and sending it to the user's friends. The message contains a link to a Web site where a copy of the worm can be downloaded by unsuspecting friends. And the cycle repeats itself.

Ways to protect yourself?
Argast called the Koobface worm a mix of something old and something new. The new is using social networks as a method to spread malware. The old is using fake codec Trojans linked to a saucy video to induce the user to install the malware.

Argast said people can protect themselves by running up-to-date antivirus software, restricting which Facebook applications they install, thinking twice before clicking on links from friends and never, never installing a codec from some random Web site in the hopes of catching some celebrity in a compromised situation.
Basically wear protection at all times....


Ali said...

you're probably immune if you ignore the "are you hot or not" applications and their ilk. I hope! I spend far too much time on FB.

ellroon said...

I've recently used Malwarebyte's Anti-Malware scanner which did a wonderful job on the Vundo virus on my daughter's and my computer. Also have Mcafee... but I know they still get in.

Haven't started a FB yet....