July 31, 2008
New Worm Attacking MySpace and Facebook Detected By Kaspersky Lab
Kaspersky Lab, a leading developer of Internet threat management solutions, has detected two variants of a new worm, Networm.Win32.Koobface.a. and Networm.Win32.Koobface.b, which attack MySpace and Facebook. As part of their malicious payload, the worms transform victim machines into zombie computers to form botnets.
Kaspersky Lab warns users that the worms are designed to upload additional malicious modules with other functionality via the Internet. It is highly probable that victim machines will not only be used for spreading links via these social networking sites, but the botnets will also be used for other malicious purposes. It should be noted that currently the worms are only infecting MySpace and Facebook users.
Net-Worm.Win32.Koobface.a spreads when a user accesses his/her MySpace account. The worm creates a range of commentaries to friends' accounts. Net-Worm.Win32.Koobface.b, which targets Facebook users, creates spam messages and sends them to the infected users' friends via the Facebook site. The messages and comments include texts such as "Paris Hilton Tosses Dwarf On The Street"; "Examiners Caught Downloading Grades From The Internet"; "Hello"; "You must see it!!! LOL. My friend catched you on hidden cam"; "Is it really celebrity? Funny Moments" and many others.
Messages and comments on MySpace and Facebook include links to youtube.[skip].pl. If the user clicks on this link, s/he is redirected to a site which purportedly contains a video clip. If the user tries to watch it, a message appears saying the user needs the latest version of Flash Player in order to watch the clip. However, instead of the latest version of Flash Player, a file called codesetup.exe is downloaded to the victim's machine; this file is also a network worm. The result is that users who have come to the site via Facebook will have the MySpace worm downloaded to their machines, and vice versa.
Alexander Gostev, Senior Virus Analyst
"Unfortunately, users are very trusting of messages left by 'friends' on social networking sites. So the likelihood of a user clicking on a link like this is very high. At the beginning of 2008 we predicted that we'd see an increase in cybercriminals exploiting MySpace, Facebook and similar sites, and we're now seeing evidence of this. I'm sure that this is simply the first step, and that virus writers will continue to target these resources with increased intensity."
Kaspersky Internet Security detected these threats proactively and signatures were added to the database on July 31, 2008.
About Kaspersky Lab
Kaspersky Lab delivers the world's most immediate protection against IT security threats, including viruses, spyware, crimeware, hackers, phishing, and spam. Kaspersky Lab products provide superior detection rates and the industry's fastest outbreak response time for home users, SMBs, large enterprises and the mobile computing environment. Kaspersky(R) Technology is used worldwide inside the products and services of the industry's leading IT security solution providers. Learn more at www.kaspersky.com. For the latest on antivirus, anti-spyware, anti-spam and other IT security issues and trends, visit www.viruslist.com.
Contact Information: Kaspersky Lab Jennifer Jewett + 1 781-503-1856 Email Contact Cohn & Wolfe for Kaspersky Lab Aida Causevic +1 415-365-8537 Email Contact
SOURCE: Kaspersky Lab