The Facebook Virus Spreads: No Social Network is Safe

Discussion in 'malware problems & news' started by Dogbiscuit, Dec 22, 2008.

Thread Status:
Not open for further replies.
  1. Dogbiscuit

    Dogbiscuit Guest


    Article
     
  2. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    I see thousands of teenagers falling for this one. God help their parents. Someday there will be an article in computer magazines titled "What were they thinking?", and nearing the top will be these social networks.
     
  3. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    This trick has been making the rounds since at least July:

    Kaspersky Lab Detects New Worms Attacking MySpace and Facebook
    http://www.kaspersky.com/news?id=207575670

    The preventative solution is quite easy:

    1) users should know how to check to see if an application is out of date, and

    2) know to update only from the vendor's site, not to click-to-update from a web page or email.

    These types of scams are not new - just a different venue in which to attack. You may remember exploits where popups to install a malicious codec occur on webpages that contain a video.

    Having a policy of not installing *anything* from a web site that prompts via a popup is another good preventative measure -- no matter how badly you want to watch that video!

    If the Facebook users are young children using the family computer, the computer should be locked down so that only the parents can install programs (executables).

    With teenagers -- they are not dumb --they just have to be taught safe procedures and how to be aware of these social engineering tricks.

    In the spirit of the season - why not check with family members and acquaintances to see if you think they might be tricked by something like this, and lend your expertise in helping them set up secure policies/procedures for using the internet and email.

    This site has good screenshots of a typical attack so that users can be on the watch:

    W32/Koobface.worm
    http://vil.nai.com/vil/content/v_148955.htm

    Finally, in my view, the sensational headline, "No Social Network is Safe" is just silly. You might as well say the entire internet and email are not safe, since enticements to install fake programs and give out your personal information are present everywhere.

    Be Alert!

    ----
    rich
     
    Last edited: Dec 22, 2008
  4. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    I just couldn 't let this slide by with the implication that teenagers might be the only ones falling for this!

    First, the articles I've seen about this exploit don't mention an age group.

    Second, I know a number of adults who use Facebook, MySpace, for social connections with friends. A rather amusing reference appeared in a recent issue of Time in a commentary by one of its regular columnists:

    http://www.time.com/time/magazine/article/0,9171,1858883,00.html
    More on venues other than Facebook for these types of attacks. This summer, for example, the CNN fake codec exploit:

    Update: Fake CNN spam mutates as attacks continue
    http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9112138
    Bogus CNN Custom Alerts
    http://securitylabs.websense.com/content/Alerts/3154.aspx
    I don't see how Facebook is any more of a dangerous place than one's own email inbox or a compromised web site.


    ----
    rich
     
  5. Dogbiscuit

    Dogbiscuit Guest

    I think the article's headline seems sensational because the author is assuming that the average user on social networking sites (or those reading the article) thinks of them as safer places than their inbox or the internet in general, and they are not.

    The technology consultant at Sophos, quoted by the writer, seems to agree with the assumption:
     
    Last edited by a moderator: Dec 23, 2008
  6. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    As Facebook Virus Spreads - Understand the Threat and Prevent Accordingly

    I can understand that. But should such an assumption on the part of the author lead to the conclusion that just because users think they are safer, yet become victimized, that "No Social Network is Safe?" If something is not safe, then no one should be permitted to engage in the activity. Start a movement to take down these sites.

    Now, the corollary:
    Does this imply that exploitation by unknown links and email attachments is less of a threat because people have learned to be suspicious? This does not hold up under analysis, using the Storm malware as an example:

    Storm builds the world's biggest botnet
    http://www.pcadvisor.co.uk/news/index.cfm?newsid=10913
    The World's Top Three Biggest Botnets in Action Today
    http://www.scamfraudalert.com/f142/world-s-top-three-biggest-botnets-action-today-10700/
    Back to the Facebook article,
    Then it is NO guard.

    I know that seems harsh, but so-called *safer* environments are nothing new. People have Buddy Lists in AOL Instant Messaging (AIM), where one might receive a message from someone on the Buddy list whose computer is compromised by a virus. Does that mean that AIM is not safe?

    We always taught that if you have procedures in place, some of which I outlined in an above post, then a warning bell will sound when you are confronted with such a situation, *no matter the environment* whether email or whatever. You will say, Now, wait a minute...

    More on AIM:

    Blocking AIM CRUSH, Free iPhone, and Virus Links in Aim 6.8
    http://bumped.org/tek/2008/05/26/blocking-aim-crush-free-iphone-and-virus-links-in-aim-65/
    Sound familiar? That is two months before the koobface worm (according to the Kaspersky chronology).

    Is AIM not safe? Is this an AIM problem or a user problem?

    General IM Hygiene:
    http://www.aim.com/help_faq/security/faq.adp
    How is the Social Network environment any different from this? Wouldn't this "hygiene" apply to Facebook users?

    http://www.facebook.com/security
    Back to the author's assumption that the user *thinks* face book is a safer environment.

    Again, putting the blame on the user is different than attributing a grade of "unsafe" to an environment per se, or claiming that "No social network is safe."

    Security-minded people won't be swayed by such pronouncements.

    You know what the threats are - social networks, email, internet - they all use the same exploit framework.

    You know the social engineering tricks, and

    You know what preventative measures need to be taken.

    It is sad that many fall victim to these ploys, but we can at least talk it up amongst those within our sphere of influence who will listen.

    Each one who does listen will be one less victim in a botnet.


    ----
    rich
     
    Last edited: Dec 23, 2008
Loading...
Thread Status:
Not open for further replies.