If the security firm Trend Micro is to be believed, another variant of the popular Koobface worm has made its way onto Facebook again. This time, though, Facebook is not the only site affected: other social-networking sites such as MySpace, hi5 and LiveJournal are not being spared either.
If you recall, Koobface was first identified in December 2008, when it asked users to update their Flash players and in turn downloaded a malicious file. This time the trick is the same; only the method has changed a bit. A popular video-sharing website, YouTube, is being spoofed to spread the malicious file.
Users reportedly receive a very standard-looking message asking them to check out a video. The link redirects the user to another site that looks like YouTube, where the user is asked to install the Adobe Flash Player, which in reality is a malicious executable file. What is more alarming is that the site to which the user is redirected contains a video that seems to have been uploaded by the same friend and displays his profile picture! The worm, as specified in the Trend Micro blog, is 'WORM_KOOBFACE.AZ'.
The worm connects to a site using the infected user's login details, taken from the cookies, and then spreads by sending messages to the infected user's friends. Apart from that, it might also give hackers access to the user's computer.
The worm has infected 38 computers so far, 36 in North America and the remaining 2 in Europe. Even though it has not spread much, it is a major setback for Facebook, which seems to be under attack from various kinds of rogue apps and worms.
Facebook recently removed two apps that spread messages like 'F a c e b o o k - closing down!!!' and 'Error Check System'. In the 'Facebook - closing down' app, users were told that their friends had reported them for violating Facebook's terms of service, and in the 'Error Check System' app, users were shown a notification stating that their friends were not able to view their profiles. After users clicked on the link, an app was downloaded and installed on their computer, which then spammed their friends with the same message.
Facebook started an Application Verification Program in November last year, but it has not deterred hackers from making rogue apps, since the program is optional.
Social-networking sites are being targeted by hackers these days. Considering the number of users involved, these sites are an easy target, and it would be better for Facebook, as well as for the entire social-networking community, to improve their app verification policies.
The sites which have been affected include facebook.com, hi5.com, friendster.com, myyearbook.com, myspace.com, bebo.com, tagged.com, netlog.com, fubar.com, livejournal.com.
Some important precautionary measures users should take:
- Verify the app before installing it.
- Don't click on unknown links, even though they might appear to have been sent by your friend.
To read more about how the worm is spreading, check out the Trend Labs Malware Blog.