New MySpace and Facebook worms warning
Kaspersky Lab has reported detection of two variants of a new worm, Networm.Win32.Koobface.a. and Networm.Win32.Koobface.b, which attack the social networking websites MySpace and Facebook respectively. The worms transform victim machines into zombie computers to form botnets as part of their malicious payload.
Kaspersky Lab analysts are warning users that the worms are designed to upload additional malicious modules with other functionality via the Internet. It is ‘highly probable’ that victim machines will be used for spreading links via these social networking sites, as well as used for other malicious purposes.
Net-Worm.Win32.Koobface.a spreads when a user accesses their MySpace account. The worm creates a range of commentaries to friends' accounts. Net-Worm.Win32.Koobface.b, which targets Facebook users, creates spam messages and sends them to the infected users' friends via the Facebook site. The messages and comments include texts such as ‘Paris Hilton Tosses Dwarf On The Street’, ‘Examiners Caught Downloading Grades From The Internet’, ‘Hello; You must see it!!! LOL. My friend catched you on hidden cam’, ‘Is it really celebrity? Funny Moments’, and many others.
Messages and comments on MySpace and Facebook include links to ‘youtube.[skip].pl’. If the user clicks on this link, they are redirected to http//youtube.[skip].ru, a site which purportedly contains a video clip. If the user tries to watch it, a message appears saying that they needs the latest version of Flash Player in order to watch the clip; however, instead a file called codesetup.exe is downloaded to the victim machine. This file is also a network worm. The result is that users who have come to the site via Facebook will have the MySpace worm downloaded to their machines, and vice versa.
“Unfortunately, users are very trusting of messages left by 'friends' on social networking sites. So the likelihood of a user clicking on a link like this is very high,” says Alexander Gostev, Senior Virus Analyst at Kaspersky Lab. “Kaspersky Lab currently adds up to 1000 new signatures to its anti-malware database daily - last week we reached 1m signatures - and while the bells and whistles type threats have gone away, threats are now silent, malicious, and growing at pace.”