Facebook Worm

Recent news of a worm working its way through social networking sites:

The Koobface worm spreads over social networking sites such as Facebook and MySpace and has been circulating on Facebook since the summer. There are currently over two dozen variants of the worm, Craig Schmugar, threat research manager for McAfee Avert Labs, told SCMagazineUS.com on Friday.

In this newest variant, users are being spammed Facebook messages with a link to a video in which they are supposedly featured. After following the link, users are redirected to a compromised host and they see an error message requesting that they download an update for Flash Player to view the video. The download is not a Flash Player update but really the Koobface variant, according to a recent McAfee Avert Labs blog post.

Expect things like this to increase in the future. Facebook is attempting to position itself as a social operating system. If Facebook really does represent a higher-level abstraction layer, then as more applications become active within it (and the same goes for other social networking sites), it will become more of a target for security threats.

For now, this is more of a distraction:

Once a user is infected, the first goal of the virus is to spread to a user’s friends. The virus then installs a component that watches infected users’ HTTP traffic with the intention of hijacking a user’s internet search results.

“When you follow a search result link you are not taken where you want to go or expected to go, you are directed where the attacker wants you to go,” Schmugar said.

This is mostly just an annoyance for the user, but typically this type of behavior creates revenue for the attackers, who could be paid depending on the amount of traffic they direct to certain sites, Schmugar said.

But as the networked world becomes even more interconnected, the complexity factor rises. For example, with technologies like Facebook Connect, which move identity information between sites, attacks from within one site can expand out to others.

It’s not hard to imagine how attacks like this can become more intrusive, and more dangerous.
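
The delivery chain in the quoted report (a message link on a social site, a redirect to another host, then a fake Flash Player update) can be hunted for in web proxy logs. The sketch below is an added example, not code from this post or from McAfee; the log fields, the sample records, the vendor-domain list and the 300-second window are assumptions constructed for illustration.

```python
from urllib.parse import urlparse

# Constructed proxy records (not a real capture): time in seconds, client, URL, Referer.
SAMPLE_LOG = [
    (100, "10.0.0.5", "http://www.facebook.com/inbox/", ""),
    (130, "10.0.0.5", "http://video.example.net/watch?id=7", "http://www.facebook.com/inbox/"),
    (135, "10.0.0.5", "http://video.example.net/flash_update.exe", "http://video.example.net/watch?id=7"),
    (200, "10.0.0.9", "http://fpdownload.adobe.com/install_flash_player.exe", "http://www.adobe.com/"),
    (300, "10.0.0.7", "http://files.example.org/setup.exe", "http://files.example.org/"),
]

SOCIAL_SITES = ("facebook.com", "myspace.com")    # sites named in the article
VENDOR_DOMAINS = ("adobe.com", "macromedia.com")  # assumed legitimate Flash Player sources
WINDOW = 300  # assumed: max seconds between the social-site click and the download


def in_domain(host, domains):
    """True if host equals one of the domains or is a subdomain of it."""
    host = (host or "").lower()
    return any(host == d or host.endswith("." + d) for d in domains)


def looks_like_flash_installer(url):
    """Heuristic: an .exe whose path claims to be Flash."""
    path = urlparse(url).path.lower()
    return path.endswith(".exe") and "flash" in path


def find_fake_flash_downloads(records):
    """Return (client, url) pairs where a 'Flash' executable came from a
    non-vendor host shortly after the client followed a link off a social site."""
    last_social_click = {}  # client -> time of latest off-site click from a social site
    alerts = []
    for ts, client, url, referer in sorted(records):
        host = urlparse(url).hostname
        ref_host = urlparse(referer).hostname
        if in_domain(ref_host, SOCIAL_SITES) and not in_domain(host, SOCIAL_SITES):
            last_social_click[client] = ts
        if looks_like_flash_installer(url) and not in_domain(host, VENDOR_DOMAINS):
            clicked = last_social_click.get(client)
            if clicked is not None and ts - clicked <= WINDOW:
                alerts.append((client, url))
    return alerts


if __name__ == "__main__":
    for client, url in find_fake_flash_downloads(SAMPLE_LOG):
        print(f"ALERT {client} fetched {url}")
```

The suffix match in `in_domain` requires a leading dot, so a look-alike host such as `notadobe.com` is not treated as the vendor.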

