A malicious program that sprang up on Facebook.com at the end of July he appeared again, this time with Google in Web pages to sneak around the security filters.
On Tuesday, researchers at a single management vendor Fortinet threat noticed that a program similar to the Koobface worm started using Google Reader and Picasa Web sites to spread. In the attack, criminals that host images look like YouTube videos on Google sites in the hope that fraud victims to download malicious Trojan software.
Hackers Koobface originally released at the end of July, but Facebook security team soon slowed its spread by blocking Web sites that were hosting malicious Trojan software.
This is the challenge of criminals, a change in tactics, according to Guillaume lovet, senior research manager with Fortinet. In this latest attack, which hosted the files that appear to be YouTube videos on Picasa and Google Reader and Facebook used to send them to victims.
These links appear safe, because to go to the Google.com site, but after the victim arrives to Google Reader or Picasa page is invited to click on video or a Web link. The victim is told he needs to download a special codec decompression software to display video. Such software is actually a Trojan horse malicious program that is blocked, most antivirus programs, according to Facebook.
Lovet believes that the Cyber-criminals as Koobface intentionally misspelled their Facebook message to the other to help them avoid detection filters.
"Sommebody uupload a viideo witth you utubee. If you shuold ESE," reads one message.
Lovet not seen the last attack the use of self-copying code of the worm, which used Koobface last August, but it could easily be added, he said.
Facebook is working with Google to turn off the problem, said Facebook spokesman Barry Schnitt.
Koobface was top security concern Facebook since July. "He was there all the time," Schnitt said, "but it is on the surface a little more recently."
This worm is the filmmakers used other tricks to try to circumvent filters Facebook, he added. They used Facebook is the instant messaging function, and also hosted the malicious links to Web sites such as Bloglines Tinyurl.com i.
Nobody knows how extensive this is really malware, but when Koobface first appeared on the scene, Facebook said that affects less than 0.02 percent of users. Facebook boasts more than 110 million users; percent in 0002, which would represent 220,000 users.
Security experts have long warned that Web 2.0 mash-up model allows users to put together its own content from many different sources, naturally creates a lot of security problems. In part, it is because that allows anyone to post material on trusted domains, such as Google.com.
"I hope that you will see more of this happening," said Petko Petkov, the security researcher with the GNUCitizen.
In corporate Intranets adoption of new technologies such as blogs and wikis, Petkov think that corporate targets may be ripe soon for the attack. "If you have a worm inside the company, which operates the same way as a worm on Facebook, you have a huge problem."
Leave a comment