This Post From WebRoot Software…
WebRoot software sent an email to subscribers about a social networking threat. Apparently it’s been around for sometime, but, there’s a new variant. No need to panic, just a reminder that the net is not always a nice place to play.
In the email was a link to Webroot’s blog. The information below is excerpted from that blog post…see detailed attribution at the bottom of this page. I’ve edited it for brevity and to focus on Facebook, MySpace, and Twitter.
Please take a second to review this information and play the video. If you don’t have time or interest in reading or watching, here’s the bottom line:
- Be selective about the links you open.
- Run a virus checker regularly.
- If you don’t have antispyware software, consider it. Webroot makes a good one, SpySweeper– but there are others equally as good. Here’s a link to one Top Ten list. There’s also AdAware and Spybot, both free antispyware programs. Whatever you choose, run it regularly.
- This is another good reason to place at least some of your valuable documents on FREE online storage—as in free, normally associated with the concept of no cost, or, as in given away without charge. Check my previous online storage post. Yes, I’m nagging…because I love you.
- If you see your name associated with tweets or posts you didn’t make, alert the community that someone is posing as you so recipients can be even more selective when opening a link sent by “you.”
Read more about Koobface here—it’s Wikipedia, don’t worry.
The latest generation of Koobface targets its particularly effective brand of social engineering at more social networks than ever. As the worm has evolved, we’ve seen it grow to encompass a pantheon of services, targeting more than just the widely publicized Facebook, MySpace, and Twitter, but a host of other Web sites where people meet and (apparently) post links of funny videos for one another to watch.
For our test, several members of Webroot’s Threat Research team created profiles on the social networks Koobface attempts to infiltrate, logged into those accounts on test computers, then executed the worm’s main installer application.
The worm checks to see which sites among the ones it targets that you’ve logged in to. … the sites all have one thing in common: They all permit members to send one another messages containing hotlinked URLs. And that’s what Koobface is best at: Propagating itself by sending links. Nothing surprised us more than finding that we could actually watch the worm interacting with the interface, filling in forms and clicking buttons, as we stared at the screen.
The content of the messages were typically brief: Message text sometimes consisted of a single acronym, like “LOL,” and at other times a short phrase, such as “Sweet! Your booty looks great on this video!” or “You were sighted on our secret camera!” Smileys accompanied most of the messages, and because everyone knows that malware doesn’t smile or wink, it was a perfect disguise.
On Twitter, the worm merely posts a new tweet, once during the initial infection, and periodically thereafter (with the tweeted links using link-shortener services like bit.ly to obfuscate the destination).
On MySpace, the worm changes the account user’s “Status” by modifying the text and adding a link (which MySpace helpfully obfuscates by changing the link to one that uses its own automatic URL shortening service).
Facebook users get a triple-threat: The worm posts links on the infected user’s wall, posts different links on the walls of the infected user’s friends, and also sends yet a third link to all of the infected user’s friends through the service’s Compose Messages page.
… please treat every social networking link with caution — especially the ones promising a link to a video.
If you’ve got two minutes, check it out, but to get the best view, maximize the video window first (click the little “X” next to “vimeo” in the lower-right corner You have to put the cursor over the video area.)
How Koobface Propagates | Webroot Threat Blog from Webroot Threat Research on Vimeo.
This entry was written by Andrew Brandt and posted on August 14, 2009 at 11:54 am and filed under Stupid malware tricks, Threat Research with tags bebo, facebook, friendster, fubar, hi5, Koobface, malware, myspace, MyYearbook, netlog, tagged, twitter, worm. Bookmark the permalink. Follow any comments here with the RSS feed for this post. Post a comment or leave a trackback: Trackback URL.
Themocracy
Thanks for the warning. I find this stuff scary. I also don’t understand why if they know about it and know how it works they can’t do something to stop it – for instance, something that blows up the bad guy’s computer would be a nice fix.
This looks quite useful. Thanks for the tip. I’ve had TWO computers zapped, ruined, had to junk ‘em because of viral infections. It’s a real problem. got the site/article bookmarked, I’ll explore it thoroughly when done blog-hopping.
Marvin D Wilson
I just had to have two computers fixed–a new hard drive on desktop, a new operating system on the laptop–I wish I’d had all this info two years ago! Galen, thank you for the resources!
One of my friends spent all last Saturday fighting off an invasion of Trojans or worms or whatever they were. It’s a scary proposition, that’s for sure.
Knowing that the off-site storage services are reliable and reputable, don’t you still worry about having a ton of passwords or other personal data stored with a third party? Think of users who do on-line banking or keep their tax return software and forms stored on their computer. Are they are risk when they use such outside services?
This terrifies me. I have had problem with worm before. Don’t want it again. Makes me want to stop social networking, but I won’t.
karen
My husband keeps warning me about the viruses attacking FB and Twitter. So far I’ve just ignored the threats, but haven’t felt good about it. Thanks for covering it on your post!
Elizabeth
Mystery Writing is Murder
I don’t download much from social networking sites so that will lower my risk. Thanks for showing me another reason to be paranoid, Galen. The sun is shining, the birds are singing and I’m afraid of my computer.
Seriously, thanks.
Elspeth
Galen, as always a most informative post. Thanks. I need to back up my files (again), take my PC and laptop into the local PC repair shop and have them clean the hard drives. Just get everything off. Wipe it clean. Then download my files again. Both are running slow just because so much stuff has accumulated over the years that are competing with speed and performance.
Stephen Tremp
http://stephentremp.blogspot.com/
Yeah, Jane, something that blows up the bad guys would be even better. I’ll take either.
Gee, whiz, Marv and Hart, TWO computers trashed. What’s the chance you’d win two lottos, or have you used up your luck on computer viruses.
Well, Patricia, I guess it’s a matter of comfort level. I do a lot of online work and never had a problem. I’ve got a pretty high comfort level, but, I am discriminating about what I do and with whom on line. For those less comfortable, the advice is obvious. But, consider this, everything in life has some risk, you just have to pick your poison. If you avoided all risk, life would be pretty flat. So, dunno. On line works for me. Could it be a disaster? Sure. I could also get into a car wreck this afternoon…but I’m still gonna drive.
No need to be terrified, Karen, remember my post says no need for panic. Just a reminder to do the things in the bullets. Do that, and you’ve a better chance of getting run over in the street than contacting a virus. Still, life happens, so, we just have to deal with what it does. Be prepared, be smart, be cautious, and you’ll…be fine.
Good deal, Elizabeth, hope there was something of interest for you.
Now, Elspeth, no need to fear, just take sensible precautions and you’ll be fine. Your computer loves you.
Good for you, Steve, I keep saying I’m gonna do something similar, but don’t. You get kudos for being pro-active. nice work.
Thanks to each of you for stopping by. Galen.
Thanks for the heads-up, Galen.
But I gotta tell you, I’m bummed. Koobface was going to be the name of the protagonist in my next book! Now what am I going to use?
It is a great name,huh, too bad it’s taken.
How about Jack Regan? Pretty scary.
Oooh, yeah! I could be a raving psychopath in your book, Alan! Oh, wait, you write fiction… :0)
Man, I hate this kinda stuff. It’s over my head and the last thing I need is my computer freezing up or disintegrating. I have protection and pray it’s working in the background. Thank you for the alert.
Helen
Straight From Hel
A friend of mine just had this happen to her with Facebook–someone posed as her during a chat session! Makes it difficult. Thanks for the reminder!
I’ll never understand why people make viruses. I guess too much time on their hands. I’ve got all the virus and spy programs loaded and I NEVER open files from anyone without scanning.
Thanks for the informative post.
Helen, it sounds like you’ve taken the right precautions, you should be fine.
I’d love to be well enough known to have someone wanna be me. I suppose that’s the sunny-side way to to look at it, Terri.
Yeah, Carolyn, I don’t get it either. Some people are just mean. Look at this way, where would our novels be without them?
What’s wrong with people these days? Who creates this stuff, anyway? Thanks for the warning, Galen!
I’ve been pretty lucky so far with viruses…nothing major. (Knock on wood.) But it’s creepy stuff and, yes, I have anti-virus stuff running.
Wow – that is really scary information. I’ll definitely check out the links. Thanks for the heads up!
Nancy, from Realms of Thought…