November 11, 2008

PandaLabs Discovers Malicious Worm That Attacks Social Networks

GLENDALE, Calif., Nov. 11 /PRNewswire/ -- Panda Security, a leading provider of IT security solutions, today announced that PandaLabs, Panda Security's malware detection and analysis laboratory, has detected Boface.G, a new worm that uses the Facebook and MySpace social networks to spread.

The Boface.G worm posts a link on the infected users' profile or contacts panel of a fake YouTube video. Alternatively, it sends the infected users' contacts a private message with the link. When users try to watch the video (which appears to come from one of their friends) they are taken to a web page where they are encouraged to download a Flash Player update. However, if they do so, they will enable access for the worm into their computers and will infect of all their contacts.

"Social networks attract millions of users and have become one of cybercrooks' favorite ways to spread their malicious creations," explains Luis Corrons, Technical Director of PandaLabs. "Users of these social networks should try to confirm the origin of these messages before following links or downloading items to their computers."

According to PandaLabs, one of the two social networks under attack has already taken measures to protect users from this malware. Panda Security recommends that all users of these social networks take the precautions for protection against this malicious worm:

-- Install a security solution with proactive technologies on the computer. This way, you will be protected against malicious codes that spread through these networks, even if no previous attack has been launched.

-- Keep the computer up-to-date: Users must be aware of and resolve all the vulnerabilities that affect the programs installed on the computer.

-- Don't share confidential information: If you access forums and chats to exchange information, talk, etc. remember not to provide confidential information (email addresses, credentials, etc.).

-- Teach children: Children must know which information they can share and which not. To do so, parents must know the social networks they access and teach them the correct and safe way of playing.

-- Only provide the information necessary in the profiles: When creating user profiles, only provide the information necessary. If it requests private data like the email address, select the option to prevent other users from seeing the information, to ensure no users other than yourself and the administrator can access your data.

-- Report crimes: If you observe inappropriate or criminal behavior (attempts to contact children, inadequate photos, modified profiles, etc.) you must inform the social network administrators.

Consumers can check whether they are infected on the Infected or Not website:

   For more information, go to the PandaLabs blog:    About PandaLabs  

Since 1990, its mission has been to detect and eliminate new threats as rapidly as possible to offer our clients maximum security. To do so, PandaLabs has an innovative automated system that analyzes and classifies thousands of new samples a day and returns automatic verdicts (malware or goodware). This system is the basis of collective intelligence, Panda Security's new security model which can even detect malware that has evaded other security solutions.

Currently, 94% of malware detected by PandaLabs is analyzed through this system of collective intelligence. This is complemented through the work of several teams, each specialized in a specific type of malware (viruses, worms, Trojans, spyware, phishing, spam, etc), work 24/7 to provide global coverage. This translates into more secure, simpler and more resource-friendly solutions for clients.

More information is available in the PandaLabs blog: For more information and evaluation versions of all Panda Security solutions, visit our website at:

Panda Security

CONTACT: Shannon Walsh of Bateman Group, +1-415-269-0849,[email protected], for Panda Security

Web site: