A new worm is wreaking havoc for Facebook and MySpace users. Called Koobface (and alternatively the Facebook Worm, MySpace Worm, Facebook Virus, or MySpace Virus), the worm posts messages on Facebook and MySpace with links to what it claims is a video. When users follow the link, they are told that they need to update their video player, and to “click here”.
Of course, what they download isn’t really a video player update; it’s a trojan called “codecsetup.exe”, which allows their computer to be taken over and controlled remotely.
The Koobface worm comes in two variants, whose full names are Net-Worm.Win32.Koobface.a and Net-Worm.Win32.Koobface.b, and was first detected by Kaspersky Labs. Net-Worm.Win32.Koobface.a is the MySpace worm variant; it posts fake comments containing the malicious links to MySpace pages.
Net-Worm.Win32.Koobface.b is the Facebook worm variant, and it sends messages to infected Facebook users’ friends via the Facebook site.
Says Kaspersky Senior Analyst Alexander Gostev, “Unfortunately, users are very trusting of messages left by ‘friends’ on social networking sites. So the likelihood of a user clicking on a link like this is very high.”
Gostev points out that “At the beginning of 2008 we predicted that we’d see an increase in cybercriminals exploiting MySpace, Facebook and similar sites, and we’re now seeing evidence of this. I’m sure that this is simply the first step, and that virus writers will continue to target these resources with increased intensity.”
For now it may suffice to simply not follow any links you get via Facebook or MySpace which claim to show you any kind of video. But soon – probably very soon – that will not be enough to keep you safe. The best advice is to exercise the same amount of caution with any links or attachments you get via Facebook or MySpace as you would with links and attachments you get via email. If you don’t know the person who sent it to you, don’t click on it. If you do know the person who supposedly sent it to you, confirm with them first that they really were the one who sent it, and that it’s safe.