Social Networkers Beware

There are a couple of new worms on the block; one aimed at MySpace and the other at facebook.

I doubt if anyone here would get caught, but I am sure that we all have relatives, friends, customers and co-workers who might?:eek:

You will need to check your AV to see if they are covered (details here):

Quote:

---

Two variants of the same new worm, Networm.Win32.Koobface.a (the MySpace muncher) and Networm.Win32.Koobface.b (the Facebook fancier) have been detected in the wild by researchers at security vendor Kaspersky Lab.

---

Link:

http://www.snpx.com/cgi-bin/news55.c...0939001?-14215

So, if you get a message along the lines of "Britney indicted for lewd act with bisexual gopher" it probably isn't what it says :lildevil:

Quote:

---

So, if you get a message along the lines of "Britney indicted for lewd act with bisexual gopher" it probably isn't what it says

---

soooooo, ahem... If someone did happen to think this was a legitimate news article and opened it, how might one remove it? *whistles innocently*

:-P

Hi Westin,

Quote:

---

If someone did happen to think this was a legitimate news article and opened it, how might one remove it?

---

Are we talking about Britney, the gopher or the worm? :jester:

http://www.diamondcs.com.au/freeutilities.php

RegistryProt and Process Guard

http://www.winpatrol.com/

Winpatrol

The best bet is not to let them install in the first place.

To get rid of them when already infected I would reboot to safe mode with networking and run the Panda online scanner. Other online scanners probably work as well but I know that Panda are aware of these two worms.

:)

All folks have to remember is that when they are using IM, e-mail or social networking:

1. You do not edit the Registry.
2. You do not download software.
3. You do not install software.

For the last few days on Facebook I've been getting a message that my Flash Player is out of date and I need to update it. This happens on lots of pages, not just particular pages with user-uploads on them.

Being a web developer by trade, I always have the latest version installed, but double-checked on the Adobe site and sure enough my version is the most current.

The one Facebook was/is trying to get me to download is a slightly lower build of Version 9.

Not sure if this is tied in with the nasties being spread through Facebook or whether they got their Flash version detection wrong (I'm on a Mac and sometimes people's code doesn't quite work for us).

Cheers,
Niggles

Hi Niggles,

I came across this:

Quote:

---

Adobe has issued a call-to-arms for users to validate installers before downloading Adobe Flash software updates. This has become necessary due to confirmed reports that malicious hackers are starting to use fake Flash Player downloads as social engineering lures for malware.
The company’s notice comes as a result of malware attacks on Facebook, MySpace and Twitter that attempt to trick Windows users into installing a Flash Player update that turns out to be a malicious executable.
An article was posted on the Adobe Product Security Incident Response Team website yesterday (August 4th 2008) advising of precautions that should be taken to avoid downloading and installing a fake Adobe Flash Player Update.

---

The Adobe article is here:



http://blogs.adobe.com/psirt/2008/08...nstallers.html

It was at the back of my mind but went over my head - I will go through adobe now :)

I took a screengrab when it happened this morning. It looks so nicely formatted it's so very tempting to click it :-)

It's possible it may be legit, but whether or not Adobe recommends only updating from their site, when you embed Flash Video etc in a page using Dreamweaver it has version checking code which will ask you to update if you have a lower version of Flash.

So if someone visits one of our client's sites where we've used Flash Video, they may be asked to upgrade.

How is Joe Average meant to know the difference?

I only didn't install it because a) I don't trust social networking sites and b) I know for sure my Flash is up to date.

Cheers,
Niggles

Quote:

---

How is Joe Average meant to know the difference?

---

They don't have to, just follow the rules:

1. If you are asked to update an application, minimise, start new session and update from the official site. Just don't do it from the site that prompted you. Go back to page and refresh.

2. If it still doesn't work.............. go find another pr0n site :lildevil:

Quote:

---

when you embed Flash Video etc in a page using Dreamweaver it has version checking code which will ask you to update if you have a lower version of Flash.

---

If Dreamweaver doesn't work then don't use it, or use it properly ;) Just don't provide a link, only a text version of the official update site, and advise the visitor to copy and paste. I don't know Dreamweaver, but if it normally provides a hyperlink then perhaps you can turn that feature off or at least present it in the same colour as the background so it is not apparent?

I think that for Mac users you could put in a text message to warn them that they may get false positives and to use the official site. That should tackle the compatibility issue?

The end result will be the same will it not? If I have the latest version and the site doesn't recognise it, then no trip to a scammer's site will either?

Sooner or later developers will realise that "almost works" or "works sometimes" just isn't good enough?.................. they will probably see it in their paychecks first?

Unfortunately the bad guys will always be one jump ahead, and it is difficult to persuade customers to invest in preventative measures when they haven't seen any tangible problem.

I will be interested to see what the owners of these social networking sites come up with.......... after all a loss of credibility is a loss of revenue?