Virus Attacks Facebook Users
A new virus is winding its way through Facebook, and McAfee security experts warn, "The situation is likely to get worse before it gets better."
The ‘Koobeface’ virus crawls the address books of already infected users and leverages Facebook’s internal messaging system to send all their Facebook friends a message that says “you look just awesome in this new movie” and provides a link to view the supposed video.
Unwitting recipients who click the link are taken to an external site where that provides another message telling them they need to install a new Flash update to run the video. In reality, the ‘update’ is a virus that looks for sensitive information on the newly infected user’s computer, like credit card numbers.
Recycling scams is a tried and true practice that is particularly effective as a new crop of users comes of age. What is remarkable is how little ‘updating’ the scam needed to be effective. Perhaps this is because many Facebook users are too young to recall the ‘I Love You’ virus that was launched in 2000, but for all intents both viruses employed the same techniques.
Koobface sends a fake video link via a social networks messaging system; the ‘I love You’ virus sent an email containing a ‘greeting card’ link.
Both viruses automatically forward themselves to every contact in an infected user’s email address. Ensuring a rapid spread as each new victim exposes potentially hundreds of friends.
Both use social engineering to persuade millions of people to click on the embedded link - knowing that friends would consider an email from the victim’s computer legitimate.
Both leveraged human curiosity and vanity – people want to know what is in the card to them or the video about them.
Staying safe online requires consistent implementation of some basic safety principles, those that fell for this virus failed to apply at least two of them:
Don’t open attachments from strangers, and be cautious about opening links you weren’t expecting even from people you do know.
Protect your computer with anti-virus, anti-spyware and firewalls – and always have these up-to-date.
If your computer has been infected with the Koobface worm, Facebook security blog has the following recommendation:
We're currently helping our users with the recently discovered "Koobface" worm and phishing sites. If your account has recently been used to send spam, please visit one of the online antivirus scanners from the Helpful Links list, and reset your password here.