Chinese social network hit by Pink Floyd video worm

Filed Under: Malware, Social networks, Video

[Image: Renren]
Sophos's recent Security Threat Report highlighted the growing number of attacks we are seeing via social networks such as Facebook and Twitter. In fact, 21.2% of those polled said that they had been on the sharp end of malware spread via a social networking site.

One thing that is sometimes forgotten, however, is that it's not just world famous social networking sites which can be exploited by cybercriminals. There are plenty of Facebook "clones" (for want of a better word) that have sprung up in countries around the world and have strong local followings.

One such social networking website is Renren, formerly known as Xiaonei Network, which is extremely popular in China with some 40 million registered users (making it more successful than Facebook in the country).

Boris Lau, one of the analysts in our labs, has blogged about an XSS (cross-site scripting) worm that has spread via user profiles on Renren, posing as a video of Pink Floyd's classic song "Wish you were here".

[Image: Renren Pink Floyd message]

Clicking on the message results in malicious JavaScript being run on your computer, which in turn helps the malware spread further across the social networking site. Sophos detects the worm as W32/Pinkren-A.

(By the way, the Yupoo.com site advertised in the image above is a popular photo-sharing site in China).

XSS vulnerabilities are nothing new to social networking sites, of course, and can be a highly effective way to spread malware quickly. For instance, earlier this year we saw the Mikeyy worms spread rapidly through Twitter.

So, don't forget, if you're really keen to watch a video of Pink Floyd's classic golden oldie "Wish you were here", your best bet might be to buy a concert DVD or do a quick search on YouTube:

About the author

Graham Cluley is an award-winning security blogger, and veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.