0 Replies Latest reply on Aug 29, 2008 9:21 AM by HarryWaldron

    New Facebook worms are circulating

      Trend is warning of two new malware that are currently circulating in-the-wild :eek:

      Users of any social networking environment environment should be cautious as malware based have been actively circulating in Facebook, MySpace, etc. Social networking sites provide for human-to-human electronic contact and in most cases it will be among trusted friends.

      Folks still need to be very careful in these environments in their trust of strangers and in sharing any personal information. Secondly, they need to mostly stay with exchanges of text, and avoid any URLs or files offered as much as possible. This includes even their trusted friends, (esp. unusual or out-of-character messages, files, or links) -- as their PCs could be infected.


      Worms Wriggling Their Way Through Facebook
      http://blog.trendmicro.com/worms-wriggling-their-way-through-facebook/

      QUOTE: Trend Micro has flagged two malware with a type that is slowly and steadily making itself get noticed: worms, and the most notable to date are WORM_KOOBFACE.E and WORM_KOOBFACE.D. One may recall that both worms are unique since these take advantage of user interactivity, an awesome Web 2.0-borne feature, by making this a part of the whole propagation chain.

      Somewhere between their execution on the affected system to their possible deletion from it, these worms search for a string or set of strings in cookie files related to the popular social-networking site Facebook. Once a match is found, these worms then access the user’s profile using the credentials from the cookies to add links pointing to a copy of itself in the affected user’s profile for virtually anyone to find and click on to download.

      Infected users therefore put their frequent profile visitors (who might be more than willing to click on the link since it appears to be a new profile update that they haven’t checked out yet) in harm’s way, along with virtually anyone who stumbles upon the infected profile and clicks on the offending link.

      New Koobface worms attack Facebook environment
      http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_KOOBFACE.D
      http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_KOOBFACE.E

      Koobface worms - Trend Behavioral Analysis
      http://www.trendmicro.com/vinfo/images/WORM_KOOBFACE_E_BD.gif

      QUOTE: This worm may be downloaded from the Internet. Upon execution, it drops a copy of itself. It displays a message box to trick users into thinking that it did not execute properly. It accesses the Google Web site to check for an Internet connection. It creates a registry entry to enable its automatic execution at every system startup. It also drops non-malicious files.

      This worm checks if the user has visited the social networking Web site Facebook by searching for cookies with a certain string. If it finds the said string, it adds links to the affected user's profile that points to a copy of this worm. It deletes itself if no cookies that refer to Facebook are found. It connects to a certain Web site to send and receive information.

      Facebook - Fastest Growing Network
      http://www.techtree.com/India/News/Facebook_Largest_Fastest_Growing_Social_Netwo rk/551-92134-643.html

      Facebook Social Networking Environment - An Overview
      http://en.wikipedia.org/wiki/Facebook