Russian computer security company Kaspersky Lab has this week uncovered a pair of new worm variants designed to aim their attacks specifically at hugely popular social networking services Facebook and MySpace.
The aptly titled Web Worms. Image: Luke Wisley/Flickr.
According to Moscow-based Kaspersky, if able to unleash their malicious payloads, the two worms (‘Net-Worm.Win32.Koobface.a’ and ‘Net-Worm.Win32.Koobface.b‘) can transform infected computers into zombie systems, which are then used to create botnets.
Kaspersky notes that the worms have been crafted to upload additional malicious modules with other damaging functionality via the Internet, which could see them spreading beyond Facebook and MySpace.
The security vendor’s analysts also claim “it is highly probable” that computers falling foul of the worms will not only be used for spreading links throughout social networking sites, but also that the botnets will serve to deliver other potentially dangerous content too.
‘Net-Worm.Win32.Koobface.a’ spreads when a user accesses their MySpace account, with the worm taking hold by creating a range of commentaries through friends’ accounts. Similarly, ‘Net-Worm.Win32.Koobface.b’ targets Facebook users by creating spam messages and dispatching them to the infected users’ Facebook friends.
Suspect incoming messages and comments from approved friends include texts such as: “Paris Hilton Tosses Dwarf On The Street”; “Examiners Caught Downloading Grades From The Internet”; “Hello, You must see it!!! LOL. My friend catched you on hidden cam”; “Is it really celebrity? Funny Moments” and many others.
Beyond the obvious lack of personal content, which may see many diligent recipients to deleting the messages as potentially dangerous, those who do click on them based on recognising the sender should be wary of the following URL links that are held within:
http://youtube.[skip].pl, which, if clicked will redirected the user to http://youtube.[skip].ru, which is a site purportedly containing a must-see video clip.
Based on the highly suspect .pl and .ru YouTube addresses, if the user hasn’t heard alarm bells ringing at this point, then actually attempting to watch any waiting video clip will prompt them to install the latest version of Flash Player. Attempting to do so installs a file called “codecsetup.exe” which contains the network worm.
“Unfortunately, users are very trusting of messages left by ‘friends’ on social networking sites. So the likelihood of a user clicking on a link like this is very high,” commented Alexander Gostev, senior virus analyst at Kaspersky.
According to Kaspersky, the two new worm strains are likely to be a precursor to a rush of criminal activity directed towards user-heavy networking sites on the Internet.
“At the beginning of 2008 we predicted that we’d see an increase in cyber criminals exploiting MySpace, Facebook and similar sites,” added Gostev. “I’m sure that this is simply the first step, and that virus writers will continue to target these resources with increased intensity.”
Kaspersky Internet Security detected these threats proactively and signatures were added to the database on July 31, 2008.
There are currently no comments for this article. Be the first to comment! (no registration required)
Advertising
There are currently no comments for this article. Be the first to comment! (no registration required)