http://tech.yahoo.com/news/pcworld/20081205/tc_pcworld/facebookvirusturnsyourcomputerintoazombie

KL has been detecting this as Net-Worm.Win32.Koobface since August. They're now up to variant .cj (as of this posting.)

Comments from their analysts' blog: http://www.viruslist.com/en/weblog?weblogid=208187548

Fake Flash updates have been around for awhile. A recent notorious one back in August was the CNN video exploit:

Massive Faux-CNN Spam Blitz Uses Legit Sites to Deliver Fake Flash
http://www.cio.com/article/441916/Massive_Faux_CNN_Spam_Blitz_Uses_Legit_Sites_to_Deliver_Fake_Flash

When this type of exploit was seen last year - exploits also included fake Codec prompts - I decided drastic measures were needed, and I advised people to immediately close out the web site/video, no matter how alluring it might be.

They know that all updates should be from the vendor's web site and *never* to go to one via a URL click either from a web site or from an email. They know how to check their Flash version.

For social networking sites, the older children can learn to follow these policies. For the younger children, I stress that the parents should keep the computer locked down so that only the parents can install anything. The most bullet-proof methods are those which are Deny by Default. The only two I know are Software Restriction Policies and Anti-Executable. With these methods, there is no prompt to Allow/Deny and no way the child can install anything without the parent's permission. In one case, we customized Anti-Executable's alert message:

204691
____________________________________________

So, if little Mary receives a link to a video from her friend, Sally, gets a prompt to update Flash, decides to click on it, the result is a disappointed Mary because, "Mom, Sally sent me this neat video and it won't play."

While it is sad that there have been so many victims of these types of exploits, it is evident that it doesn't have to be so.


----
rich