Worm uses Google to squirm around Facebook

A malicious program that sprang up on Facebook.com in late July has surfaced again, this time using Google's Web sites to sneak around security filters.

A malicious program that sprang up on Facebook.com in late July has surfaced again, this time using Google's Web sites to sneak around security filters.

On Tuesday, researchers at unified threat management vendor Fortinet noticed that a program similar to the Koobface worm had started using the Google Reader and Picasa Web sites to spread. In the attack, criminals host images that look like YouTube videos on the Google sites in hopes of tricking victims into downloading malicious Trojan software.

Hackers initially unleashed Koobface in late July, but Facebook's security team soon slowed its spread by blocking the Web sites that were hosting the malicious Trojan software.

That has prompted the criminals to change tactics, according to Guillaume Lovet, a senior research manager with Fortinet. In this latest attack they have hosted files that appear to be YouTube videos on Picasa and Google Reader and used Facebook to send them to victims.

The links appear safe because they go to Google.com Web sites, but once the victim arrives on the Google Reader or Picasa page, he is invited to click on a video or a Web link. The victim is then told he needs to download special codec decompression software to view the video. That software is actually a malicious Trojan Horse program, which is blocked by most antivirus programs, according to Facebook.

Lovet believes the cyber-criminals behind Koobface have deliberately misspelled their Facebook messages to further help them evade detection by filters.

"Sommebody uupload a viideo witth you on utubee. you shuold ese," reads one message.

Lovet has not seen this latest attack use the self-copying worm code that Koobface used last August, but it could easily be added, he said.

Facebook is working with Google to shut down the problem, said Facebook spokesman Barry Schnitt.

Koobface has been a top security concern at Facebook since July. "It's been out there constantly," Schnitt said, "but it's surfaced a little bit more lately."

The worm's creators have used other tricks to try to circumvent Facebook filters, he added. They've used Facebook's instant messaging feature and also hosted their malicious links on sites such as Tinyurl.com and Bloglines.

Nobody knows how widespread this malware really is, but when Koobface first appeared on the scene, Facebook said it was affecting less than 0.02 percent of users. Facebook boasts more than 110 million users; 0.002 percent of that would represent 220,000 users.

Security experts have long warned that the Web 2.0 mash-up model of allowing users to put together their own content from many different sources naturally creates many security problems. In part, this is because it allows anyone to post material on trustworthy domains such as Google.com.

"I believe that you will see more of this stuff happening," said Petko Petkov, a security researcher with GNUCitizen.

With corporate Intranets adopting new technologies such as blogging and Wikis, Petkov thinks corporate targets may soon be ripe for attack. "If you have a worm inside a corporation that works the same way as the worm on Facebook, you have a huge problem."

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection

Tags wormvirusFacebook

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Robert McMillan

IDG News Service
Show Comments

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

George Khoury

Sharp PN-40TC1 Huddle Board

The biggest perks for me would be that it comes with easy to use and comprehensive programs that make the collaboration process a whole lot more intuitive and organic

David Coyle

Brother PocketJet PJ-773 A4 Portable Thermal Printer

I rate the printer as a 5 out of 5 stars as it has been able to fit seamlessly into my busy and mobile lifestyle.

Kurt Hegetschweiler

Brother PocketJet PJ-773 A4 Portable Thermal Printer

It’s perfect for mobile workers. Just take it out — it’s small enough to sit anywhere — turn it on, load a sheet of paper, and start printing.

Featured Content

Product Launch Showcase

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?