Gadgetell | Tech News, Reviews, and Interesting Things

As I talked about recently, we all know that Facebook, along with most social networking sites in general, is growing in popularity in a major way as of late.  And with an increase in users comes an increase in the interest of those wanting to target those users maliciously.  So what do you have as a result?  Just like in nursery school when you have all the little kiddies blowing their nose into their hands and then running those germy little hands all over the tables and toys to share the wealth—you have a spread of viruses.  And in this case, worms. 

One of the latest in the launched threats against Facebook (as well as other social networking sites including the popular MySpace, Bebo, and Friendster) is an updated variant of the worm known as “Koobface.”  Yep, this one was around last summer, and it’s back.

Freddy35.exe

McAfee’s site gave an updated description and “threat” announcement regarding the worm just days ago.  According to their site, a new variant of Koobface.worm has been seen spreading. It creates a copy of itself in the Windows directory as: * freddy35.exe.

Facebook states that most of its users are in the age demographics of over thirty years old, and some of these people are just getting into using computers and networking sites and may not be as tech savvy as their younger counterparts.  Thus they may not be as quick to detect what may be a lure to a virus.  Obviously, this is a problem, and one to keep in mind with using such sites safely.

How to identify “Koobface”

The way “Koobface” operates is like this:

You get a message from one of your friends on Facebook (or other site), which invites you to watch a video by clicking on a link.  Now, most of us obviously know the old adage “don’t click on links if you aren’t sure where it came from!” but they are trickier with it since it is supposedly from a friend of yours, which makes it appear safe.

Then, if you do go and click on the link, it takes you over to a page that looks like a YouTube page.  This page even has a picture of the friend who supposedly sent you the link.  Doing this, using your friends to lure you in and then trick you into downloading malicious software, is called “social engineering.”

Ok, so you are now on the “YouTube page,” which isn’t a real YouTube page.  Next, it tells you to install Adobe Flash Player so you can watch the video.  Ding! Ding! Ding!  Warning! Warning!  This is where the red alarms and sirens should be going off.  But again, for many not familiar with this sort of thing, it all seems perfectly legit.  If you DO decide to follow the command, guess what?  You won’t be downloading Flash Player.  Instead, you will be getting the worm.

What the worm does is gains control of your computer, as well as helping itself to looking through your Facebook friends and sending them messages with the link to the “YouTube site.”  The more the merrier is the Koobface motto.

Stay Safe

Obviously, it is very important to be extremely careful about what links you click on (even if you think your friends sent them).  It’s not like viruses tend to come with the subject line of “Hey! I’m a virus. Click on enclosed link so I can really f@*k with your computer!”  While that would be ever so helpful, it’s not very realistic.  Also, if you are going to install any kind of program or plug-in, it is always better to go and get it right from the vendor site.  So, in this case, if you were told to install flash, go to adobe.com to get it.  Another site I do trust is download.com. 

Facebook has a ton of applications for download.  Make sure you know what you are installing.  If it is new especially, you may want to search its name out to make sure it isn’t a spam program or worm.  TrendMicro has reported two “rogue apps.”  One is “The Error Check System”, and the second is an application that shows a notification telling users that they’ve violated Facebook’s terms of service.

What else can you do?  Keep your anti-virus software up to date and run scans on your system.  A list of some good (free) programs can be found here. 

via: orlandosentinal