Facebook and MySpace malware

Filed Under: Malware, Social networks

Our friends at Kaspersky reported at the end of last week the discovery of the so-called Koobface malware which accesses infected users' Facebook and MySpace accounts.

A few people have been in touch asking if Sophos detects the malware. Well, I'm pleased to report that we detect the various malware elements proactively as Mal/Heuri-E, Mal/Heuri-D, Mal/Emogen-N and Mal/Packer.

The malware is written in Visual C++ version 6.0, and has been packed in an attempt to make analysis and detection more difficult for security researchers. The malware works by directing your 'friends' on the social-networking websites to click on a link to another site purporting to contain a video clip. If they are tricked into downloading an executable to 'watch' the video at the third party website, a message is displayed:

"Error installing Codec. Please Contact Support"

The malware then accesses Facebook/MySpace to spread itself further.

Anyone falling for this trick is risking turning their computer into a spam-spewing bot, and opening themselves up to the danger of identity theft.

So, what is newsworthy about this is that the messages are being sent via Facebook or MySpace - whereas normally the messages with the dangerous web links are spammed out, or posted on message boards. The way to defend yourself is the same as always - think very carefully before you click on an unsolicited web link, and defend your company with a web appliance which scans for malicious content.

Of course, the fact that the messages are spread via social networking websites may make some people more susceptible to clicking on the links rather than if they had arrived via regular email (where many people are used to receiving 'bad stuff').

The Web 2.0 element of this malware echoes some of the trends that we commented on in the recent Sophos Security Threat Report - it wouldn't be a surprise to see more malware writers and spammers abusing social networking websites in the future.

* Image source: Pshab's Flickr photostream (Creative Commons 2.0)

You might like

About the author

Graham Cluley runs his own award-winning computer security blog, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.