Follow Us

We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message

Facebook worm resurfaces on Google

Beware dodgy videos.

Article comments

Google users could be facing the returm of a worm that first hit Facebook in July.

Researchers at unified threat management vendor Fortinet noticed that a program similar to the Koobface worm had started using the Google Reader and Picasa websites to spread. In the attack. Criminals host images that look like YouTube videos on the Google sites in hopes of tricking victims into downloading malicious Trojan software.

Hackers initially unleashed Koobface in late July, but Facebook's security team soon slowed its spread by blocking the webites that were hosting the malicious Trojan software.

That has prompted the criminals to change tactics, according to Guillaume Lovet, a senior research manager with Fortinet. In this latest attack they have hosted files that appear to be YouTube videos on Picasa and Google Reader and used Facebook to send them to victims.

The links appear safe because they go to Google sites, but once the victim arrives on the Google Reader or Picasa page, he is invited to click on a video or a web link. The victim is then told he needs to download special codec decompression software to view the video. That software is actually a malicious Trojan Horse program, which is blocked by most anti-virus programs, according to Facebook.

Lovet believes the cyber-criminals behind Koobface have deliberately misspelled their Facebook messages to further help them evade detection by filters.

"Sommebody uupload a viideo witth you on utubee. you shuold ese," reads one message.

Lovet has not seen this latest attack use the self-copying worm code that Koobface used last August, but it could easily be added, he said.

Facebook is working with Google to shut down the problem, said Facebook spokesman Barry Schnitt.

Koobface has been a top security concern at Facebook since July. "It's been out there constantly," Schnitt said, "but it's surfaced a little bit more lately."

The worm's creators have used other tricks to try to circumvent Facebook filters, he added. They've used Facebook's instant messaging feature and also hosted their malicious links on sites such as Tinyurl.com and Bloglines.

Nobody knows how widespread this malware really is, but when Koobface first appeared on the scene, Facebook said it was affecting less than 0.02 percent of users. Facebook boasts more than 110 million users; 0.002 percent of that would represent 220,000 users.

Security experts have long warned that the Web 2.0 mash-up model of allowing users to put together their own content from many different sources naturally creates many security problems. In part, this is because it allows anyone to post material on trustworthy domains such as Google.

"I believe that you will see more of this stuff happening," said Petko Petkov, a security researcher with GNUCitizen.

With corporate Intranets adopting new technologies such as blogging and Wikis, Petkov thinks corporate targets may soon be ripe for attack. "If you have a worm inside a corporation that works the same way as the worm on Facebook, you have a huge problem."



Share:

More from Techworld

More relevant IT news

Comments



Send to a friend

Email this article to a friend or colleague:

PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.

Techworld White Papers

Choose – and Choose Wisely – the Right MSP for Your SMB

End users need a technology partner that provides transparency, enables productivity, delivers...

Download Whitepaper

10 Effective Habits of Indispensable IT Departments

It’s no secret that responsibilities are growing while budgets continue to shrink. Download this...

Download Whitepaper

Gartner Magic Quadrant for Enterprise Information Archiving

Enterprise information archiving is contributing to organisational needs for e-discovery and...

Download Whitepaper

Advancing the state of virtualised backups

Dell Software’s vRanger is a veteran of the virtualisation specific backup market. It was the...

Download Whitepaper

Techworld UK - Technology - Business

Innovation, productivity, agility and profit

Watch this on demand webinar which explores IT innovation, managed print services and business agility.

Techworld Mobile Site

Access Techworld's content on the move

Get the latest news, product reviews and downloads on your mobile device with Techworld's mobile site.

Find out more...

From Wow to How : Making mobile and cloud work for you

On demand Biztech Briefing - Learn how to effectively deliver mobile work styles and cloud services together.

Watch now...

Site Map

* *