A family of worms that use Facebook has emerged, downloading and installing fake antivirus – the Boface.BJ.worm – to defraud users.
The worldwide infection ratio of this family of worms now stands at 1%, and the increase in the number of infections has reached 1 200% in recent months
According to global IT vendor Panda Security, the 56th variant of the Boface family of worms has just appeared. Each of these variants has been designed especially to use Facebook to distribute and download malware. This is largely due to the enormous global popularity of this social network and the potential it offers for reaching numerous users. The BJ variant in particular uses Facebook to download and install rogue anti-malware and trick users into believing they are infected and consequently buy a fake antivirus.
Data compiled through the free Panda ActiveScan online scanner has shown that since August 2008, 1% of all computers scanned were infected by a variant of Boface.
"Extrapolating this data in line with the number of Facebook users (approximately 200-million), we arrive at a figure of 2-million users that could be infected," says Jeremy Matthews, head of Panda's sub-Saharan operations. "The increasing number of variants in circulation is due to the aim of cyber-crooks to infect as many users as possible and therefore boost their financial returns".
Almost 40% are in the US, with the rest distributed across many different countries. The number of infections observed for this type of malware since August, indicates an exponential growth rate as high as 1 200%, comparing April 2009 with August 2008.
The rogue anti-malware business is one of the most prolific cyber-crime activities, with respect to the number of examples in circulation. Panda forecasts quarterly growth of more than 100% for the current year.
The new Boface.BJ worm reaches computers in several ways: email messages with attachments, internet downloads, files transferred via FTP, IRC channels and P2P file-sharing networks.
Once the computer has been infected, the worm kicks into action once infected users have entered their Facebook accounts. In that moment, it sends a message to the entire network of friends, including the infected user. Anyone clicking on the link in the message will be taken to a fake YouTube page (called "YuoTube) where they will supposedly be able to see a video. However, they will first be prompted to download a media player. If the user accepts, the fake antivirus will be immediately downloaded.
From the moment it is installed, this malware will launch messages claiming that the computer is infected and that the user must buy a solution.
Given Facebook's viral nature of networks, it is fair to assume that this message will spread exponentially leading to very high infection rates.
"Users of social networks like this normally trust the messages they receive, so the number of reads and clicks is often very high," says Matthews. "Clearly, in addition to the security measures of the social network itself, users have to take on board certain security and personal privacy basics, to avoid falling victim to fraud and contributing to its propagation."
To prevent this type of fraud, Panda Security offers the following advice:
* Don't click suspicious links from non-trusted sources. This should apply to messages received through Facebook, other social networks and also e-mail.
* If you do click on any such link, check the target page carefully (in this example, it is clearly a fraud). If you don't recognize it, close your browser.
* Even if you don't see anything strange in the target page, but you are asked to download something, don't accept.
* If, however, you have still gone ahead and downloaded and installed some type of executable file, and your computer begins to launch messages saying that you are infected and that you should buy an antivirus, this is very probably a fraud. Never entered your credit card details, as you will be putting your money at direct risk. And above all, make sure you get a second opinion on the security of your system, with any reliable free online security solution such as Panda ActiveScan.
* As a general rule, make sure your computer is well protected, to ensure that you are not exposed to the risk of infection from any malicious code.