Attacks continue to spread via social media networks. In this period a new worm has been reported that spreads via Facebook’s instant messaging (IM) feature, and also appears under the guise of misleading messages on other networking sites. It typically arrives as a private IM with a shortened hyperlink; although disguised, this points towards purported images on a website that are actually harbouring malware-loaded .zip archives. Infection results in security software being disabled and a secondary virus being loaded that monitors the victim’s activity on social sites. This secondary virus records private messages posted, deleted, or sent on sites including Facebook, MySpace, Twitter, WordPress and Meebo. The infection can also spread via mainstream IM networks.
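
As an added example (not part of the original report), the following log-review sketch looks for the delivery chain described above: a shortened link whose redirects end in a .zip archive. It assumes a web-proxy log that records redirect targets and content types; the record layout, host names, sample records and shortener list are constructed for illustration.

```python
from urllib.parse import urlparse

# Assumed, non-exhaustive list of shortener hosts; extend for your environment.
SHORTENERS = {"bit.ly", "tinyurl.com", "goo.gl", "is.gd", "ow.ly"}
ARCHIVE_TYPES = {"application/zip", "application/x-zip-compressed"}

# Constructed sample proxy records: (client, url, status, location, content_type)
SAMPLE_LOG = [
    ("10.0.0.5", "http://bit.ly/EXAMPLE1", 301, "http://photos.example.net/view?img=123", ""),
    ("10.0.0.5", "http://photos.example.net/view?img=123", 302, "http://photos.example.net/dl/IMG0012.zip", ""),
    ("10.0.0.5", "http://photos.example.net/dl/IMG0012.zip", 200, "", "application/zip"),
    ("10.0.0.7", "http://tinyurl.com/EXAMPLE2", 301, "http://news.example.org/story.html", ""),
    ("10.0.0.7", "http://news.example.org/story.html", 200, "", "text/html"),
    ("10.0.0.9", "http://files.example.com/report.zip", 200, "", "application/zip"),
]

def resolve_chain(client, url, records, max_hops=10):
    """Follow redirects for one client using only what the log recorded."""
    by_key = {(c, u): (status, loc, ctype) for c, u, status, loc, ctype in records}
    chain, ctype = [url], ""
    while (client, chain[-1]) in by_key and len(chain) <= max_hops:
        status, loc, ctype = by_key[(client, chain[-1])]
        # Stop at a non-redirect response, a missing target, or a redirect loop.
        if status not in (301, 302, 303, 307, 308) or not loc or loc in chain:
            break
        chain.append(loc)
    return chain, ctype

def is_archive(url, ctype):
    """True if the final response is a zip by content type or by file extension."""
    media_type = ctype.split(";")[0].strip().lower()
    return media_type in ARCHIVE_TYPES or urlparse(url).path.lower().endswith(".zip")

def find_shortened_archive_links(records):
    """Return (client, short_url, final_url) where a shortened link ended in an archive."""
    findings = []
    for client, url, *_ in records:
        if (urlparse(url).hostname or "").lower() not in SHORTENERS:
            continue  # only chains that start at a shortener are of interest
        chain, ctype = resolve_chain(client, url, records)
        if len(chain) > 1 and is_archive(chain[-1], ctype):
            findings.append((client, url, chain[-1]))
    return findings

if __name__ == "__main__":
    for client, short, final in find_shortened_archive_links(SAMPLE_LOG):
        print(f"{client}: {short} -> {final}")
```

A direct, unshortened archive download (the last sample record) is deliberately not flagged, so the check stays specific to links whose destination was hidden.
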
The level of infection is currently much lower than that of, for example, the most notorious Facebook worm, Koobface, but this is a serious threat that could cause significant reputational damage to those affected (including, of course, corporates). The attack method is also typical of threats that we have previously reported, for example making use of URL shortening to hide the true destinations of hyperlinks, and sending messages that entice people into clicking. Most such attacks are mainly a nuisance, being designed to capture log-in details or to make people take bogus pay-per-click surveys, but the potential for highly serious threats via social networks continues to grow, with ever more imaginative methods being applied.
For example, another strain of malware is spreading via messages that pose as Facebook account cancellation confirmation messages. The message points the user towards an app running on the Facebook platform, meaning that the link goes to a Facebook.com address, something that may give people false confidence. The app then asks to run an unknown Java applet on the computer, with the request being repeated if the user clicks “no”, until they acquiesce. The recipient is then told that they need to update Adobe Flash, but the purported update install actually contains a variety of malware. This shows a particularly high degree of social engineering awareness, and the attack is pitched to feed off Facebook users’ fears of being cut off. There is really only one protection, which is extreme caution by the user in dealing with unanticipated messages, together with a high degree of continuing education and awareness of the most common scams and attacks.