Facebook worm still spreading

By Tim Conneally | Published August 25, 2008, 1:17 PM

Early in August, security firms noticed a worm spreading on Facebook through wall posts that claim to contain a video requiring a new codec to be installed. Variants of this worm are now being spotted on a weekly basis.

The virus appears to be a slightly modified version of what Kaspersky Labs called Koobface, a worm elaborate in its design but crude in execution.

Using the same poorly worded social engineering tricks, the worm sends Facebook messages with subject lines like "Hi My Friend," or "Hej!" that contain a verbose link to a video claiming to feature the recipient in some way. Instead of loading a video, the page says the user's version of Flash is out of date and needs a new codec. Clicking on any part of the video player, including the sender's profile information, the fake comments, or settings, results in a forced download.

[Image: Koobface virus package contents]

Up to the point where the user downloads the file named "codecsetup.exe", the worm's methods are exactly the same as Koobface's. Once the "codec" file is opened, it creates a file called "fbtre9.exe", unlike the Koobface.A profile, which created a file called "mstre6.exe." This appears to be the sole difference between the two, and the twelfth time the virus has mutated in such a way (there are currently 27 different Koobface infections). When the file is run for the first time, it generates an error message and begins looking for Facebook user ID cookies. If found, the results are intended to be reproduced every time the user turns on his computer.

During the initial spread of "Koobface," Facebook's head of security Max Kelly wrote in the official blog that "Less than .002 percent of people on Facebook have been affected, all of whom we notified and suggested steps to remove the malware."

At least for BetaNews, which purposefully installed the Koobface virus on a virtual machine, this statement is untrue; we were neither notified nor informed of corrective measures. However, the message that carried the virus disappeared promptly after obtaining the necessary files. Some have attributed this to either Facebook's diligent users or staff, but this is as yet unconfirmed.

[Image: Koobface worm installed]

Comments

foxfire stole my planned one word post! ****.

Score: 0

Damn... same here. LOL

Score: 0

Good.

Score: 0

AND yet another reason to get a Mac, no worries of viruses taking over your computer. Wow, as I said that, I'm feeling very smug right now. :)

Score: 0

Not as smug as me. You couldn't fit in the same room with my ego. I bet you get in your s***box and drive to a soon-to-be-eliminated job every day like everybody else.

You are the type who would drive a seven year old Honda Civic but have an iPhone to appear successful.

_________________________________

Vista also won't let viruses install without warning you twice (unlike XP), and of course there is always Windows Restore for the morons.

Score: 0

*puts up two thumbs, squints eyes and says:*

GOOD FER YEWWWWWW!!!

AND yet another reason to dislike smug Apple-fanboy comments.

The real lesson here is that people need education on how to protect their computers by not falling for such stupidity.

I have no viruses.

I run NO antivirus software 24/7 (on occasion I do scan my systems).

I have a NAT router without any special software security suite on the client side.

I patch my OS regularly.

I don't open uninvited attachments without knowing who sent them and if they even sent the file in the first place, especially anything executable.

I don't surf pr0n spam mail links, random links sent to me in SPIM or SPAM, I don't use facebook or any "*book" or "*space" site.

I don't install every single program that pops up in my browser when I do go to a website outside the norm.

I use the proper CLOSE button on popups instead of cheesy deceptive graphics inside a popup HTML frame.

I don't download and use "adware".

I pay attention to what I have running at all times when I'm working on my PC.

I don't let anything autorun on start that doesn't absolutely need to be, unless it will not function without it, and even then it had better be essential to the operation of the program (rare gems like Daemon Tools and ANYDVD are examples)

Here's my version of a Mac vs. PC commercial:

I am a PC. And I'm educated about how a PC works. I know not to click on everything that pops up, and guess what, I don't have a problem with my Windows experience!

I am a Mac, and I don't want to know, nor care to know, I just want it to work. I don't have the time or brainpower to care.

Score: 0

"At least for BetaNews, which purposefully installed the koobface virus on a virtual machine,"

Hope you keep the host well protected with regards to this type of testing. A VM is no guarantee of a secure sandbox.

Score: 0

You think they'd do it on a box connected in any way to their web host? I think they're smarter than that.

Score: 0
