Adobe, Kaspersky warn of botnet worm spreading via social networks
By Ed Oswald, BetaNews
August 6, 2008, 1:02 PM
The maker of Flash and the leading security lab said earlier this week that a worm first discovered last Thursday is being spread through social networks disguised as a update to Flash Player.
Adobe says there is no update. The worms, dubbed Koobface.a and Koobface.b by security firm Kaspersky, spread themselves through leaving comments and messages on Facebook and MySpace, which are sent to friends of an infected user.
Once a link is clicked, the user is redirected to a site that includes a video clip. The user cannot watch the video unless the update is applied. Once compelled to do so, the user then downloads and executes codesetup.exe which then installs the worm on the user's machine.
"Unfortunately, users are very trusting of messages left by 'friends' on social networking sites. So the likelihood of a user clicking on a link like this is very high," senior virus analyst Alex Gostev said.
An infected computer would then become part of a botnet, which could be used later to launch additional attacks. It may also upload modules with additional functionality to the Internet.
Kaspersky said the worm only seems to be spreading through MySpace and Facebook, and not any of the other social networks at this time. Koobface.a is aimed at the former, while Koobface.b targets the latter.
It should be noted that Kaspersky has since detected four more variants of the worm, however it has not as yet provided any details on the specifics of the newer detections and what or whom they target. BetaNews had contacted the firm for additional information, and has been told to expect a response later this afternoon.
Add a Comment (7 Comments)
BetaNews reserves the right to remove any comment at any time for any reason. Please keep your responses appropriate and on topic. Foul language and personal attacks will not be tolerated.