Homepage tabWindows tabGames tabDrivers tabMac tabLinux tabScripts buttonMobile tabHandheld tabGadgets tabNews tab


NEWS CATEGORIES:



NEWS ARCHIVE >>
SOFTPEDIA REVIEWS >>
MEET THE EDITORS >>
Home / News / Security / Virus alerts

Virus alerts

Facebook Worm Active Again

The new variant passes Facebook's security filters

By Lucian Constantin, Web News Editor

6th of December 2008, 11:12 GMT

Adjust text size:


Facebook worm morphs again
Enlarge picture
The writers of the Koobface worm that propagates on social networking websites have just released a new variant that is able to trick the security filters enforced by Facebook. In order to achieve this, the new strain makes use of the website's own features against itself.

The Koobface worm was first detected back in July, with the two original variants attacking MySpace and Facebook, respectively. The worm employs social engineering tactics and profits from the core design concepts of social networking websites. Instead of registering fake accounts on the websites in order to propagate, the worm uses the legit accounts accessed from the infected computers.

This technique is particularly effective against security features that allow certain actions to be performed only by users added to the friends list of an account. It also gives spam messages more credibility, since they come from what people might think is a trusted source.

Koobface new spam messages
Enlarge picture
The Koobface worm propagates by sending spam messages with links to fake video files and encourages the users to visit them. The links take them to a page that imitates an embedded video file. Attempting to view the file results in an error that instructs the users to install a video codec, which is actually the malicious executable that drops the worm onto the system.

In an attempt to mitigate these attacks, Facebook and MySpace have enforced special security policies and filters. Even though these actions did not kill the worm entirely, they significantly reduced its propagation rate. As a response, the worm's writers released new variants that featured new techniques of bypassing the security measures.

For example, one such variant, released in October, resorted to hosting the fake pages on Google's Picasa Web Albums service, relying on the fact that generic filtering of links on this domain would be difficult since it would also prevent users from sharing legit Picasa resources on Facebook. The latest variant is similar, but the hosting has been changed from Google's Picasa to Yahoo's Geocities service.

Fake Flash Player installer
Enlarge picture
In addition, the spam messages do not contain direct links anymore. Instead, they are using Facebook's own redirect feature through links of the form http://www.facebook.com/l.php?u=http://geocities.com/account/fake_page. This redirects users from the social networking site to the malicious pages serving a fake Flash Player installer.

While keeping your security software updated should help prevent such attacks, being careful about what links you decide to visit, even if they are sent by a friend on a social networking website, is highly recommended.

TAGS:

 Koobface | social engineering | social networking | Facebook | spam
Read by 4,279 user(s) | Add comment | Link to this article TWEET THIS


Article rating:
Good (3.6/5) 3 vote(s)    

Subscribe to news | Print article | Send to friend

© Copyright 2001-2009 Softpedia
Contact:

 

 

SEARCH THE NEWS ARCHIVE :




Today's News | Yesterday's News | News Archive


MORE RELATED ARTICLES:


Facebook Worms Use Google Services

Computer Virus Eradicated from London Hospitals' Network

Cyber-Attack Cripples Critical U.S. Military Networks

DNS Changing Malware Employs New Technique

YouTube and MySpace as Election Tools

Live Search and Facebook Marry in Social Networking

Facebook 1.5 Is to Be Released in January

User opinions:


Comment #1 by: Rupali on 08 Dec 2008, 10:04 GMT reply to this comment

I think Facebook worm comes from the other infected friends on the social networking sites...

Share your opinion:

Your Name:
Your Email Address:
(will not be used for commercial purposes)
Solve this to prove you're not a bot: =
Your review/opinion:

 




Windows tabGames tabDrivers tabMac tabLinux tabScripts tabMobile tabHandheld tabGadgets tabNews tab

SUBMIT PROGRAM   |   ADVERTISE   |   GET HELP   |   SEND US FEEDBACK   |   RSS FEEDS   |   ENTER NEWS SITE   |   ENGLISH BOARD   |   ROMANIAN FORUM
© 2001 - 2009 Softpedia. All rights reserved.
Softpedia® and the Softpedia® logo are registered trademarks of SoftNews NET SRL.		 Copyright Information | Privacy Policy | Terms of Use | Update your software | Archive