
Thread: Social Networkers Beware

  1. #1
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188

    Social Networkers Beware

    There are a couple of new worms on the block; one aimed at MySpace and the other at Facebook.

    I doubt if anyone here would get caught, but I am sure that we all have relatives, friends, customers and co-workers who might?

    You will need to check your AV to see if they are covered (details here):

    Two variants of the same new worm, Networm.Win32.Koobface.a (the MySpace muncher) and Networm.Win32.Koobface.b (the Facebook fancier) have been detected in the wild by researchers at security vendor Kaspersky Lab.
    Link:

    http://www.snpx.com/cgi-bin/news55.c...0939001?-14215

    So, if you get a message along the lines of "Britney indicted for lewd act with bisexual gopher" it probably isn't what it says.

  2. #2
    Gonzo District BOFH westin's Avatar
    Join Date
    Jan 2006
    Location
    SW MO
    Posts
    1,187
    So, if you get a message along the lines of "Britney indicted for lewd act with bisexual gopher" it probably isn't what it says
    soooooo, ahem... If someone did happen to think this was a legitimate news article and opened it, how might one remove it? *whistles innocently*

    :-P
    "Those of us that had been up all night were in no mood for coffee and donuts, we wanted strong drink."

    -HST

  3. #3
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    Hi Westin,

    If someone did happen to think this was a legitimate news article and opened it, how might one remove it?
    Are we talking about Britney, the gopher or the worm?

    http://www.diamondcs.com.au/freeutilities.php

    RegistryProt and Process Guard

    http://www.winpatrol.com/

    Winpatrol

    The best bet is not to let them install in the first place.

    To get rid of them when already infected I would reboot to safe mode with networking and run the Panda online scanner. Other online scanners probably work as well but I know that Panda are aware of these two worms.



    All folks have to remember is that when they are using IM, e-mail or social networking:

    1. You do not edit the Registry.
    2. You do not download software.
    3. You do not install software.

  4. #4
    For the last few days on Facebook I've been getting a message that my Flash Player is out of date and I need to update it. This happens on lots of pages, not just particular pages with user-uploads on them.

    Being a web developer by trade, I always have the latest version installed, but double-checked on the Adobe site and sure enough my version is the most current.

    The one Facebook was/is trying to get me to download is a slightly lower build of Version 9.

    Not sure if this is tied in with the nasties being spread through Facebook or whether they got their Flash version detection wrong (I'm on a Mac and sometimes people's code doesn't quite work for us).

    Cheers,
    Niggles

  5. #5
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    Hi Niggles,

    I came across this:

    Adobe has issued a call-to-arms for users to validate installers before downloading Adobe Flash software updates. This has become necessary due to confirmed reports that malicious hackers are starting to use fake Flash Player downloads as social engineering lures for malware.
    The company’s notice comes as a result of malware attacks on Facebook, MySpace and Twitter that attempt to trick Windows users into installing a Flash Player update that turns out to be a malicious executable.
    An article was posted on the Adobe Product Security Incident Response Team website yesterday (August 4th 2008) advising of precautions that should be taken to avoid downloading and installing a fake Adobe Flash Player Update.


    The Adobe article is here:



    http://blogs.adobe.com/psirt/2008/08...nstallers.html

  6. #6
    Only african to own a PC! Cider's Avatar
    Join Date
    Jun 2003
    Location
    Israel
    Posts
    1,683
    It was at the back of my mind but went over my head - I will go through Adobe now
    The world is a dangerous place to live; not because of the people who are evil, but because of the people who don't do anything about it.
    Albert Einstein

  7. #7
    I took a screengrab when it happened this morning. It looks so nicely formatted it's so very tempting to click it :-)

    It's possible it may be legit, but whether or not Adobe recommends only updating from their site, when you embed Flash Video etc in a page using Dreamweaver it has version checking code which will ask you to update if you have a lower version of Flash.

    So if someone visits one of our client's sites where we've used Flash Video, they may be asked to upgrade.

    How is Joe Average meant to know the difference?

    I only didn't install it because a) I don't trust social networking sites and b) I know for sure my Flash is up to date.

    Cheers,
    Niggles

  8. #8
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    How is Joe Average meant to know the difference?
    They don't have to, just follow the rules:

    1. If you are asked to update an application, minimise, start new session and update from the official site. Just don't do it from the site that prompted you. Go back to page and refresh.

    2. If it still doesn't work.............. go find another pr0n site

    when you embed Flash Video etc in a page using Dreamweaver it has version checking code which will ask you to update if you have a lower version of Flash.
    If Dreamweaver doesn't work then don't use it, or use it properly. Just don't provide a link, only a text version of the official update site, and advise the visitor to copy and paste. I don't know Dreamweaver, but if it normally provides a hyperlink then perhaps you can turn that feature off or at least present it in the same colour as the background so it is not apparent?

    I think that for Mac users you could put in a text message to warn them that they may get false positives and to use the official site. That should tackle the compatibility issue?

    The end result will be the same will it not? If I have the latest version and the site doesn't recognise it, then no trip to a scammer's site will either?

    Sooner or later developers will realise that "almost works" or "works sometimes" just isn't good enough?.................. they will probably see it in their paychecks first?

    Unfortunately the bad guys will always be one jump ahead, and it is difficult to persuade customers to invest in preventative measures when they haven't seen any tangible problem.

    I will be interested to see what the owners of these social networking sites come up with.......... after all a loss of credibility is a loss of revenue?
