Kaspersky Lab has detected two cyber attacks targeting the users of MySpace
and Facebook. As part of their malicious payload, the worms transform the
victim machines into zombie computers to form botnets. The two variants of
the new worm, Net-Worm.Win32.Koobface.a and Net-Worm.Win32.Koobface.b, attack
MySpace and Facebook respectively.

Even though the worms are currently only infecting MySpace and Facebook
users, Kaspersky Lab analysts are warning users that the worms are designed
to upload additional malicious modules with other functionality via the
Internet. It is highly probable that victims' machines will not only be used
for spreading links via these social networking sites, but the botnets will
also be used for other malicious purposes.

Net-Worm.Win32.Koobface.a spreads when a user accesses his/her MySpace
account. The worm posts a range of comments to friends' accounts.
Net-Worm.Win32.Koobface.b, which targets Facebook users, creates spam
messages and sends them to the infected users' friends via the Facebook
site. The messages and comments include texts such as Paris Hilton Tosses
Dwarf On The Street; Examiners Caught Downloading Grades From The Internet;
Hello; You must see it!!! LOL. My friend catched you on hidden cam; Is it
really celebrity? Funny Moments and many others.

Messages and comments on MySpace and Facebook include links to
YouTube.[skip].pl. If the user clicks on this link, s/he is redirected to
http//youtube.[skip].ru, a site which purportedly contains a video clip. If
the user tries to watch it, a message appears saying that s/he needs the
latest version of Flash Player in order to watch the clip. However, instead
of the latest version of Flash Player, a file called codesetup.exe is
downloaded to the victim machine; this file is also a network worm. The
result is that users who have come to the site via Facebook will have the
MySpace worm downloaded to their machines, and vice versa.
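
The chain described above (a click from a social networking page to a YouTube look-alike host, then an executable fetched in place of a Flash Player update) can be checked for in web proxy logs. The following is an added example, not part of the original release and not Kaspersky Lab's code; the log layout, the host names under .example and the five-minute window are assumptions.

```python
from urllib.parse import urlsplit

SOCIAL = ("facebook.com", "myspace.com")   # referrer sites named in the article
BRAND = "youtube"                          # brand imitated by the lure hosts
LEGIT = ("youtube.com",)                   # genuine domain for that brand
WINDOW = 300                               # seconds; assumed correlation window

def host_of(url):
    return (urlsplit(url).hostname or "").lower()

def under(host, domains):
    return any(host == d or host.endswith("." + d) for d in domains)

def is_lookalike(host):
    """Brand appears as a DNS label, but the host is not under the real domain."""
    return BRAND in host.split(".") and not under(host, LEGIT)

def find_fake_player_downloads(records):
    """Return (client, url) for .exe fetches from a look-alike host by a client
    that reached a look-alike host from a social network within WINDOW seconds."""
    lured = {}   # client -> time of last social-network click to a look-alike
    hits = []
    for ts, client, referrer, url in sorted(records):
        host = host_of(url)
        if not is_lookalike(host):
            continue
        if under(host_of(referrer), SOCIAL):
            lured[client] = ts
        is_exe = urlsplit(url).path.lower().endswith(".exe")
        if is_exe and client in lured and ts - lured[client] <= WINDOW:
            hits.append((client, url))
    return hits

# Constructed sample log: (epoch seconds, client IP, referrer, requested URL).
A = "http://youtube.first-placeholder.example"    # stands in for the linked host
B = "http://youtube.second-placeholder.example"   # stands in for the redirect target
SAMPLE = [
    (1000, "10.0.0.5", "http://www.facebook.com/inbox/", A + "/"),
    (1005, "10.0.0.5", A + "/", B + "/watch"),
    (1020, "10.0.0.5", B + "/watch", B + "/codesetup.exe"),
    (1030, "10.0.0.7", "http://www.myspace.com/home", "http://www.youtube.com/watch"),
    (5000, "10.0.0.5", "", B + "/codesetup.exe"),   # outside the window
]

if __name__ == "__main__":
    for client, url in find_fake_player_downloads(SAMPLE):
        print(client, url)
```
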
"Unfortunately, users are very trusting of messages left by 'friends' on
social networking sites. So the likelihood of a user clicking on a link like
this is very high", says Alexander Gostev, senior virus analyst at Kaspersky
Lab. "At the beginning of 2008 we predicted that we'd see an increase in
cybercriminals exploiting MySpace, Facebook and similar sites, and we're now
seeing evidence of this. I'm sure that this is simply the first step, and
that virus writers will continue to target these resources with increased