Elaborate Facebook Worm Virus Spreading
Michael Arrington
Update: Facebook responds to malware attacks.
Facebook malware attacks to date have largely consisted of getting user credentials via phishing sites and then spreading spam and additional phishing attempts. But a new worm is disseminating through Facebook that aims to install trojan software on a user’s machine.
The worm spreads when a compromised user’s account is used to send messages to others with a title such as “LOL. You’ve been catched on hidden cam, yo:” and a link to a random URL. The linked website is a YouTube-like page that shows a video player along with what looks like a standard browser message to update your Flash installation. Clicking on the button begins a malware installation of a file called “codecsetup.exe.” We didn’t go so far as to install the software, but our guess is that it zombies your computer, installs a keylogger, and other fun stuff.
A nasty feature of the worm is that it takes the profile picture of the sending infected user and adds it to the linked website. This makes it all look much more legitimate for the potential victim. Facebook users are notoriously naive when it comes to security awareness, and a certain percentage of users will always end up falling for this kind of social hack. There’s little Facebook can do other than attempt to filter out the landing website in messages.
Screen shots below.







if you are stupid enough to click links like that you deserve anything that happens to you.
If you don’t click the links in the e-mails you would probably be preventing problems.
http://blabtech.blogspot.com
@Andrew - I think you’re going too far. It does amaze me that people still fall for this sort of thing, but the majority of computer users are non-techies and don’t follow computer threat discussions.
Agree with Burak - most people are dumb as a rock when it comes to these things. Social engineering and other less advanced methods work like a charm with most of the users.
The problem with worms like this isn’t the person infected first, it’s usually with the people they infect, the extra traffic on the network they are on, and any other purpose their machine is put to. For every “stupid” person that gets one of these, 100 other people are inconvenienced, annoyed, or worse.
As for the actual declaration that people are stupid that get these, that is not always the case. They are often naive, or just uninformed. As an IT guy, I have never understood why some people think that people being uneducated about their computers makes them dumb.
Virus?, .exe files? that is so windows…
Switch now!
Right, but there is some essential software i use on win. I like Linux, Mac, unix really a lot, worked long times with Linux.
Johannes
http://success24.ws
Get out of your closet, Mac is the worst in security.
http://www.macworld.com/articl...../hack.html
i dont use facebook nor any social network sites
so i lol at those who got infected because of it
“Howdy, you’ve been catched on hidden cam, yo.”
I don’t know anyone that talks like that, which is why I’d never click on a link right next to that sentence.
So what can one do if they have blindly got infected - what’s the fix?
@Amit
wsup, 8nt u evr bin 2 MySpAcE?
Of course people will try to disrupt the social networking realm with viruses, it is all a perfect way of viral distribution much like their facebook apps…
We should create a new rule on the web: never ever enter your username password on a third party site and every website should have a personalization feature to allow users to authenticate the website before it enters its username and password.
Wouldn’t help in this case. Re-read the initial attack method - the attackers hack an existing facebook account, and use that to send out the message. At no point does anyone enter their own id and password. They just click on a link embedded in a message that /appears/ to be from a known friend.
“Facebook users are notoriously naive when it comes to security awareness, and a certain percentage of users will always end up falling for this kind of social hack.”
Right on… most users of social networking websites are incredibly naive. A LOT of the social networking website depends on this naivete to grow in the first place.
Case in point - Flixster. The company had a slow user growth up until it started the practice of tricking users to enter their Yahoo/MSN username and passwords (WTF??) into a form upon which it Spams all the user’s friends asking them to join Flixster… with some faux personal message as if it was the user who sent the message themselves.
What happened? Flixster took off and now has a $150M valuation.
A lot of sites do that.
“A Google search on the words “flixster” and “spam” yields 121,000 page results[23]. However, this is actually a low number compared to that of other social networking sites: “MySpace spam” yields over 20 million [24], and “Bebo spam” displays 2.6 million”
-http://en.wikipedia.org/wiki/Flixster
I’m pretty sure facebook does it now also. I could be wrong however.
Yup, facebook does it too.
http://www.new.facebook.com/invite.php?ref=tn
Actually, facebook lets you remove users from the invitation list manually. However, the fact that people give away their login and passwords to a third party site is kind of creepy.
I think the beef with Flixster is the extent which they abuse this process. It is fine if you consciously let a social networking website spam your addressbook.
But from what I hear Flixster practiced REALLY deceptive methods (such as sending an email to your friend that they have a quiz from you, and in order to get to the answer, they’d had to enter their yahoo login or something like that) - which they will use to spam even more people.
http://www.theinternetpatrol.c.....dress-book
I also heard that Flixster holds on to your contacts and contacts them repeatedly - I don’t think they do that anymore though as there was a huge uproar when they did that last year - but they managed to get what they wanted, which was massive traffic to justify their valuation.
Facebook users are naive and you think you know what a worm is. Bulls eye!
He He, I’ll never get it cause I Don’t have a facebook account.
Wow… Watch out, be careful…
I have had two of these in the last 2 days… be careful folks!
not sure what all the fuss is about - looks perfectly legit to me.
i mean, all my flash upgrades are hosted by vinozlomekvavra.cz
i dont use facebook nor any social network sites
I’ve gotten 2 in the last 2 hours. Told the people to change their FB password, seems like that’s the least of their problems.
reason why facebook is not hot within japan..
how the f### do i fix my comp after opening the exe?
Only a few anti-spam techniques have succeeded in the battle with spammers and one of them is Abaca’s ReceiverNet service. ReceiverNet characterizes each protected user based on the percentage of spam they receive and then uses those reputations to rate the incoming message flow. ReceiverNet is effective in protecting against existing and future spam techniques. For more information log on to http://abaca.com/.
Had it happen to a friend today. Not fun.
At least the largest European social network Netlog (http://www.netlog.com) has no problem with this kind of spam which Twitter and Facebook has to deal with.
It is the architecture of Facebook that allows this kind of things. Go for Netlog, it is way more secure and you don’t have the issues of all the annoying apps…a great answer to the Facebook-idiocracy!
Since you work at netlog, you are obviously biased.
http://en.netlog.com/viagrasofttabs <– spam on netlog.. (simple google search reveals tons more)
Since you work at netlog, you are obviously biased.
Just type netlog and via**a in google and you will see tons of spam on their site. They are not immune.
I use facebook but so far I have not gotten any message of this kind, and if I get any message of this kind I will ignore it.
Best solution is to go into your router settings and ban all spammy/malware filled domains, For example .pl .ws .crackhead .bs etc you get the point.
How do I fix it - my little sister clicked the link and now my pc is creating error messages every 2 seconds!
Because this IS a .exe file - it won’t affect my mac right?
ok, so i think the big question is… how do we fix this?!
I’m on a mac so I’m protected against this stupid stuff. Even if it was a universal thing. Macs don’t suffer from the ability to have things auto installed like windows computers.
Mmm, glad I switched to Linux
uhm, you have to run exe, you retards. It wouldn’t matter what platform you were using.
Christ, why can’t people apply common sense? If I have learned anything else from my forays on the web, it’s that executing executable files from any .ru, .cz, have a high potential to be bad files. You know, much like downloading that illegal ms office suite from a torrent site and not expecting it to be spiked with some potent bugs. I have a facebook account and I knew there was a reason my profile page is still pristine.
personally I’m a fan of the death penalty for first offense virus,hack or spam attempt
Really, it’s pretty sad that users would _see_ a popup about running an executable, and click ‘Save File’. I’ve forwarded this on to a bunch of my friends, just in case. It’s amazing what some folks will do, before thinking about it. :/
Please tell me you have at least *looked* at another platform. .EXE files don’t run on Mac or *nix systems (at least not with out a good deal of work).
He of course means that no matter what platform, the user has to install the exe or dmg file.. It does not install automatically, not even on windows.
Call it dumb luck. I clicked on the site but the link didn’t work! So I went straight to adobe. Hey, if you verify your identity by giving your cell number, do you get cell spam? Thanks.
Don’t laugh but I’m a techy and I made the mistake of opening it, I should have known, but the girl that “sent” me it was one of my hot friends, and I know she’s kinky, so I was really expecting some hot film of her in her panties. So I just kept clicking on it, like an idiot
You guys that clicked on the link and installed the software are perfect potential candidates for Darwin awards. How many red flags does it take for you to “get” it?
hey there is a new virus going around facebook telling you to go to some sort of website, it’s different every time, the website, any it posts to all of your friends and then you can’t delete the post that “you” wrote.. if anyone has any info on it I’d love to hear from someone…
Facebook fakers using the name and the app to spread worms.
One of my Facebook friends has a problem and doesn’t have Antivirus software nor does she have anyone to tell her how to fix this. Her facebook is sending a post to her friends wall that says this: YOU GOT A (CRUSH) ON YOU, CAN YOU GUESS WHO IT IS? YOU’LL BE SHOCKED, FIND OUT NOW! http://img299.imageshack.us/img299/8493/mcrlj0.swf
Any thoughts on what I can tell my techno-lacking friend on how to stop it from spreading further and also to get it off her machine - short of reformatting?