Saturday, November 8, 2008

Facebook Users Attacked by Trojan Virus


Facebook and its users are having a rough day. A serious Facebook virus is attacking the network’s users.

For the laymen:

If you receive a Facebook message (or a Facebook message alert in your email) with a questionable subject line, DO NOT CLICK THE LINK IN THE BODY!

All of the information in this post was garnered from an awesome article from news.com.au by Narelle Towie.

Questionable subject titles vary from “Maan,yyou’re great!” to “your ass looks not bad in this video”, “Some0ne thinks your special and has a *Hot_Crush* on you. Find out who it could be*” or a youtube link that says ‘”i can see yooooooooo”. These links disguise a trojan worm and should not be clicked.

This trojan comes just months after Facebook said it was working to protect its user from phishing scams.

For the tech geeks, here is a more detailed explanation of the virus from Towie’s article:

FACEBOOK users are under attack from a virus sweeping through the online social network.

The virus is technically a trojan worm that disguises itself as an email from facebookmail.com.

People are enticed to click on a misspelled video or picture link that directs to a malicious web site.

The worm spreads its tentacles by emailing everyone on the victim’s friend list.

According to anti-virus software company Symantec, the trojan works by executing a worm called W32.Koobface.A that searches for cookies on the user’s machine.

If the worm finds the appropriate Facebook cookie, it modifies the users account settings and profile - adding links to malicious sites to trick others into installing the invader.

Facebook discussion boards talk about the trojan directing users to a page which looks like YouTube.

The phony page asks the user to install a video player upgrade.

Installing the fake upgrade allows the worm to work its magic and access files on the victim’s machine while destroying their Facebook account.

Facebook has begun combating the virus by deactivating link when it can.

Facebook has not released an official comment regarding the attack.

No comments:

Post a Comment