Friday, December 05, 2008

On Facebook? Be Careful!

Nasties out there on Facebook.

December 5, 2008 (Computerworld) Facebook Inc. is resetting some user passwords and scrubbing the service of malicious links in an attempt to eradicate a fast-spreading worm that redirects infected machines to a little-known search site, the company and security researchers said today.

The "Koobface" worm, which has been circulating through the popular social networking service since at least Wednesday, continues to be a problem

... Facebook users began reporting receiving spam messages such as "You look just awesome in this new movie" or "You look so amazing funny on our new video" that tried to dupe them into clicking on a link. Schmugar said that if they did, they were taken to one of several compromised sites that then displayed a fake error message claiming that Adobe System Inc.'s Flash was out of date, and prompted them to download an update.

The "update" was nothing of the kind, but instead was an executable file that installed the Koobface worm, which in turn installed a background proxy server that redirected all Web traffic. According to Schmugar, the proxy server listens on TCP port 9090, particularly for search requests to the major search engines, including Google, Yahoo and Microsoft's Live Search.

"Search terms are directed to find-www.net," Schmugar said, "[which] enables ad hijacking and click fraud." The hackers are making money by redirecting users' searches to their own results, collecting cash from the ensuing clicks.

...which is one reason why only the Administrator does downloading on this network...
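The two indicators named in the article (a proxy listening on TCP port 9090 and searches redirected to find-www.net) can be checked from data a defender already has. The following is an added example, not part of the original post or the Computerworld article; it assumes Windows `netstat -ano` output and a hypothetical DNS log layout of timestamp, client, record type and queried name, and all sample data is constructed.

```python
import re

# Indicators taken from the article text above.
PROXY_PORT = 9090
REDIRECT_HOST = "find-www.net"

# Matches one TCP row of Windows `netstat -ano` output.
ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+(\S+)\s+(\d+)\s*$")

def listeners_on_port(netstat_text, port=PROXY_PORT):
    """Return (local_address, pid) for every TCP socket LISTENING on `port`."""
    hits = []
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if m and m.group(3) == "LISTENING" and int(m.group(2)) == port:
            hits.append((m.group(1), int(m.group(4))))
    return hits

def redirected_lookups(dns_log_lines, host=REDIRECT_HOST):
    """Return log lines whose queried name is `host` or a subdomain of it."""
    hits = []
    for line in dns_log_lines:
        fields = line.split()
        name = fields[-1].lower().rstrip(".") if fields else ""
        if name == host or name.endswith("." + host):
            hits.append(line)
    return hits

# Constructed sample data, not captured from a real machine.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    127.0.0.1:9090         0.0.0.0:0              LISTENING       3140
  TCP    192.168.1.20:49712     203.0.113.7:9090       ESTABLISHED     2288
"""
SAMPLE_DNS = [
    "2008-12-05T10:02:11 192.168.1.20 A www.google.com",
    "2008-12-05T10:02:12 192.168.1.20 A find-www.net",
    "2008-12-05T10:02:15 192.168.1.20 A notfind-www.net",
]

if __name__ == "__main__":
    # A hit is a lead to investigate; other software also uses port 9090.
    for addr, pid in listeners_on_port(SAMPLE_NETSTAT):
        print(f"listener on {addr}:{PROXY_PORT} owned by PID {pid}")
    for line in redirected_lookups(SAMPLE_DNS):
        print("lookup of redirect host:", line)
```

Only a local socket in the LISTENING state counts; an outbound connection to some remote port 9090, like the third sample row, is not flagged. The PID from a hit can then be mapped to its executable to decide whether the listener is expected software.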

2 comments:

Phelony Jones said...

I'm also putting the kibosh on any "apps" for the time being.

Disgruntled Car Salesman said...

That popped up in a message to me on Facebook, seriously.

Glad I deleted it.