There is a worm that has been around for months now that is getting smarter and targeting social networking sites like Facebook, MySpace and Twitter. It is a new variant of a worm called Koobface, or as most people have been calling it, “the Facebook virus.” Although the worm has targeted other social network sites such as Friendster and Bebo, it has been affecting Facebook users the most.

Koobface “the Facebook Virus”

If someone’s computer becomes infected by the Koobface worm, it starts spamming comments to the friends of the computer’s owner. The comments say things like, “Are you sure this is your first acting experience?”, “impressive. i’m sure it’s you on this video”, “How can anyone get so busted by a spy camera?”, “You’re the whole show! i’m admired with you.”, and “is it u there?”, making it appear as though they came from the person whose computer the virus has infected. Some of the comments may raise suspicion because of their poor grammar, but others may seem more appealing and inviting to people. As Alexander Gostev, Senior Virus Analyst at Kaspersky Lab says, “Unfortunately, users are very trusting of messages left by ‘friends’ on social networking sites. So the likelihood of a user clicking on a link like this is very high”. I know I personally have been curious about one of the highlights that is currently showing up on my news feed page, and I am tempted to click it, knowing that it was a link to the virus. It said that a person on my friends list had commented on it, making me interested to see what it was about. I had asked my friend if they had in fact commented on it and they said they did not.

The Spam Message

When users click on these links, they are taken to a page on another site that offers a video download from YouTube. When they accept, the page tells them that they need to install a new version of Adobe Flash Player to be able to continue.

The Suspicious Video Download

Once you click install, you become infected and are vulnerable to many more risks. When searching on Google, users will get redirected to other malicious websites. McAfee’s Craig Schmugar said that with this new variant of Koobface, “a proxy server is installed to %ProgramFiles%\tinyproxy\tinyproxy.exe and a service named Security Accounts Manager (SamSs)”, which will load when your computer starts up. It looks for traffic on Google, Yahoo and other major search engines so that it can hijack the search results. “Search terms are directed to find-www.net”, which enables more security risks like ad hijacking or click fraud.
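As an added example (not from the original post or from McAfee), the following Python code checks an exported service inventory and a DNS log for the indicators quoted above. The pipe-delimited inventory format, the DNS log layout, the host names and the lsass.exe baseline for the genuine SamSs service are assumptions, and all sample rows are constructed.

```python
import re

# Indicators quoted in the article for this Koobface variant.
PROXY_SUFFIX = r"\tinyproxy\tinyproxy.exe"  # installed under %ProgramFiles%
REDIRECT_DOMAIN = "find-www.net"
# Assumption (not from the article): the genuine SamSs service runs lsass.exe.
GENUINE_SAMSS = r"\system32\lsass.exe"

# Constructed sample inventory: host|service name|display name|image path
SAMPLE_SERVICES = r"""
PC-01|SamSs|Security Accounts Manager|C:\Windows\system32\lsass.exe
PC-02|SamSs|Security Accounts Manager|"C:\Program Files\tinyproxy\tinyproxy.exe" -s
PC-03|SamSs|Security Accounts Manager|C:\Users\Public\update.exe
"""

# Constructed sample DNS log: timestamp client "query" name type
SAMPLE_DNS = """
2009-03-02T10:01:09 10.0.0.12 query find-www.net A
2009-03-02T10:02:30 10.0.0.15 query notfind-www.net A
2009-03-02T10:03:41 10.0.0.19 query Search.Find-WWW.net. A
"""

def image_exe(image_path):
    """Lowercased executable path from a service ImagePath, without quotes or arguments."""
    match = re.match(r'"?(.+?\.exe)', image_path.strip(), re.IGNORECASE)
    return (match.group(1) if match else image_path).lower()

def check_services(inventory):
    """Return (host, reason) for each service that matches the article's description."""
    findings = []
    for line in inventory.strip().splitlines():
        host, name, display, image = (f.strip() for f in line.split("|", 3))
        exe = image_exe(image)
        uses_samss_name = name.lower() == "samss" or display.lower() == "security accounts manager"
        if exe.endswith(PROXY_SUFFIX):
            findings.append((host, "tinyproxy registered as a service"))
        elif uses_samss_name and not exe.endswith(GENUINE_SAMSS):
            findings.append((host, "SamSs name on unexpected binary"))
    return findings

def clients_querying_redirector(dns_log):
    """Return sorted client IPs that looked up the redirect domain or a subdomain of it."""
    clients = set()
    for line in dns_log.strip().splitlines():
        _, client, _, qname, _ = line.split()
        qname = qname.lower().rstrip(".")
        if qname == REDIRECT_DOMAIN or qname.endswith("." + REDIRECT_DOMAIN):
            clients.add(client)
    return sorted(clients)
```

Calling `check_services(SAMPLE_SERVICES)` flags PC-02 and PC-03, and `clients_querying_redirector(SAMPLE_DNS)` returns the two clients that resolved the redirect domain while ignoring the look-alike `notfind-www.net`.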

The Flash Player Update Message

Showing In My Highlights Currently On My Newsfeed

Will Social Networks Ever Be Safe?

Kaspersky Lab predicted at the beginning of 2008 that attacks by cybercriminals would increase on social networks.

4. Attacks on social networks

In 2008, phishing is expected to undergo major changes and to increasingly target social networks. Subscriber account data for services such as Facebook, MySpace, LiveJournal, Blogger, and other similar services, will become more frequently targeted by malicious users. This will become an important alternative method to infecting hacked sites with malware. In 2008, a number of Trojan programs will spread via the blogs and profiles of social network user accounts.

Another problem related to social networks are XSS/PHP/SQL attacks. In contrast to phishing, which employs exclusively fraudulent methods and social engineering, these attacks are based on errors and vulnerabilities in Web 2.0 services and may even affect highly computer-literate users. As always, the goal is to obtain private data and create several databases or lists in order to launch subsequent attacks using more traditional methods.

We have only begun to see the beginning of it. Virus writers will continue focusing on social networks more and more intensely. People need to be aware of this, and know how to protect themselves.

Tips On Protecting Yourself

Everyone should already have, and actively use, up-to-date antivirus software. My personal suggestions would be McAfee or Norton, but if you don’t want to or can’t afford to pay for either of those, there are free antivirus programs like AVG or Avira. Regularly update whatever program you use, and run virus scans at least once a week, if not more. Everyone should also have some kind of spyware protection. Spybot – Search and Destroy is one of the best free anti-spyware programs available, but it is a good idea to have other programs since you can’t find and remove all spyware with one program.

Don’t open any spam messages you see on Facebook. Be more cautious of a comment someone has left you and think whether or not that person would say something like that to you. The same thing goes for spam emails. It is the same thing now on social networks.

If you see a site that appears suspicious, or asks you to download anything like a video or Flash Player, DO NOT download it. Get off of the site as quickly as possible. I have a good amount of experience when it comes to malware, so I have been to a lot of “bad neighborhoods” on the internet, networks of malicious websites that have sometimes, upon loading a web page, started to automatically download an .exe file that I did not agree to or even get asked if I wanted to download. I would not be surprised to see this in the future on social networks.

Tell as many people as you can about the risks that are out there. The more people that protect themselves, the more you’re protected. If your friends don’t get infected, then you have less of a chance of receiving a spam comment from them that you may unknowingly click on and in turn become infected as well.

Become a fan of Facebook’s security page and keep a close eye on any updates they have about the latest threats. There is a lot of information posted on there that people should be aware of.

Images from: McAfee Avert Labs
