Tuesday, March 3, 2009

New Koobface Variant Spreads In Facebook

Security company Trend Micro warns in its blog about a new Koobface worm variant.

A Facebook user may get a message that looks like it came from a friend's Facebook account. The message contains the friend's picture and name, with a link to a video.

The link opens a spoofed version of the YouTube site. In the centre of the site there's a message telling the user that an Adobe Flash Player update must be installed.

Clicking the install button does not deliver any Flash update. Instead, a new variant of the Koobface worm (detected as WORM_KOOBFACE.AZ) is downloaded.

Facebook users are not the only group in danger. The worm first searches for cookies created by the following sites:

* facebook.com
* hi5.com
* friendster.com
* myyearbook.com
* myspace.com
* bebo.com
* tagged.com
* netlog.com
* fubar.com
* livejournal.com


It then connects to the respective site using the login credentials stored in the gathered cookies. It searches for the infected user’s friends, who are then sent messages containing a link from which a copy of the worm is downloaded. It also sends and receives information from the infected machine by connecting to several servers. This allows hackers to execute commands on the affected machine.

Users of the mentioned social networking domains are advised to ignore the described messages and to refrain from clicking links in unsolicited messages.
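Because the worm reuses sessions stored in cookies for the sites listed above, cleaning up an infected machine includes working out which of those accounts had a live session to log out and reset. The following is an added example, not code from Trend Micro or the original post: it scans a cookie export in Netscape `cookies.txt` format and reports unexpired cookies belonging to the listed domains. The sample cookie lines, the reference time and the function names are constructed for illustration.

```python
# Added example: scope which of the listed social-network sessions were live on a host.
TARGETED = {"facebook.com", "hi5.com", "friendster.com", "myyearbook.com",
            "myspace.com", "bebo.com", "tagged.com", "netlog.com",
            "fubar.com", "livejournal.com"}

NOW = 1236038400  # constructed reference time: 2009-03-03 00:00 UTC

# Constructed sample, Netscape cookies.txt layout (tab-separated):
# domain, subdomain flag, path, secure, expiry (epoch), name, value
SAMPLE = "\n".join([
    "# Netscape HTTP Cookie File",
    ".facebook.com\tTRUE\t/\tFALSE\t1893456000\tsession\tREDACTED",
    "#HttpOnly_www.myspace.com\tFALSE\t/\tFALSE\t0\tauth\tREDACTED",
    "login.hi5.com\tFALSE\t/\tFALSE\t1200000000\ttoken\tREDACTED",  # expired
    "fakebebo.com\tFALSE\t/\tFALSE\t1893456000\tsid\tREDACTED",     # lookalike
    ".example.org\tTRUE\t/\tFALSE\t1893456000\tprefs\tREDACTED",
])

def targeted_site(host):
    """Return the listed site a cookie host belongs to, or None."""
    host = host.lower().lstrip(".")
    for site in TARGETED:
        # Exact match or true subdomain only, so 'fakebebo.com' does not match.
        if host == site or host.endswith("." + site):
            return site
    return None

def exposed_sessions(cookie_text, now):
    """Map each listed site to the names of its still-valid cookies."""
    exposed = {}
    for line in cookie_text.splitlines():
        if line.startswith("#HttpOnly_"):
            line = line[len("#HttpOnly_"):]   # HttpOnly cookies carry this prefix
        elif not line.strip() or line.startswith("#"):
            continue                           # blank line or comment
        fields = line.split("\t")
        if len(fields) != 7 or not fields[4].isdigit():
            continue                           # malformed entry
        site, expiry = targeted_site(fields[0]), int(fields[4])
        # Expiry 0 marks a session cookie, valid until the browser closes.
        if site and (expiry == 0 or expiry > now):
            exposed.setdefault(site, set()).add(fields[5])
    return exposed

if __name__ == "__main__":
    for site, names in sorted(exposed_sessions(SAMPLE, NOW).items()):
        print(f"{site}: log out everywhere and reset password ({', '.join(sorted(names))})")
```

Only cookie names are reported, never values, so the output can be shared in an incident ticket.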
