Posts Tagged ‘ malware ’

By Ian Paul
March 12, 2010

SAN FRANCISCO - Twitter is finally being proactive about the large number of phishing scams that have plagued the micro-blogging service in the past year. On Wednesday, Twitter introduced its own anti-phishing service designed to protect users from these attacks. The new security measures focus on Twitter direct messages (DMs), private tweets addressed to a specific user, and the corresponding e-mail notifications. Twitter believes DMs are the primary source of Twitter-based phishing attacks, and has not yet announced any plans to extend the new service to regular tweets.

DMs will now be routed through Twitter’s anti-phishing service to “detect, intercept, and prevent the spread of bad links,” Del Harvey, director of Twitter’s trust and safety team, wrote in a recent blog post. After Twitter has approved a link, it will be delivered to users via a new ‘twit.tl’ URL instead of bit.ly, tinyURL or other link-shortening services. Twitter also claims that if a bad link gets through to a user via e-mail, the company would still “be able to keep that user safe.”

Social Phishing

Phishing scams are often used to harvest log-in credentials for social networks and financial sites by encouraging users to log in to phony versions of legitimate Websites. These types of scams often entice users to click on a bogus link to check out a new video or log in to a particular service to verify some data. The fake Website can then either inject some form of malware onto your computer or steal your log-in credentials to the legitimate site. Typically, phishing messages use URL shortening services to mask the phony site’s actual Web address.

Malicious activity like this has become a regular problem for social networking services and tools, and some are starting to be more proactive about dealing with the issue. Bit.ly checks all links created using its service against three independent malware blacklists to help fight phishing and malware scams. Bit.ly is Twitter’s default link-shortening service.

Another URL-shortening service, Tr.im, does not say whether or how it monitors for phishing (as far as I could tell), but its Web page does have a place where users can report suspicious or spammy tr.im links. TinyURL does not publicly state that it protects against abuse of its service, but the bottom of its homepage says it forbids illicit uses of the service.

Facebook last month instituted an automated security system in partnership with security firm McAfee, after being targeted with its fair share of phishing scams. The new system is supposed to help detect user accounts that may have fallen prey to malicious activity; however, Facebook’s malware strategy may not be as effective as it could be, especially since it’s designed, at least in part, to sell McAfee security software to its users.

Google’s new social networking experiment Google Buzz is also reportedly proactive about phishing scams. Google recompresses images sent to Buzz and scans all links in Buzz against its blacklist of Websites, according to Webpronews. Google also reportedly has spam detection and abuse monitoring in place for Google Buzz comments.

The Problem with Lists

Of course, the downside of any Website blacklist is that it is reactive: a scam site has to be discovered and listed before it is blocked, so the newest sites always slip through for a while. Since blacklists are the most common way modern Web browsers and security services protect users against phishing and malware, the best defense is still to trust your own instincts.

Be wary of oddly worded or unsolicited messages you receive through social networking sites, and make sure you don’t log in to a site based on a link you received via e-mail. More importantly, make sure the site you’re trying to log in to is the real thing by verifying you have the right URL in your browser’s address bar — Facebook has a brief explanation about legitimate URLs here. Automated protection against phishing scams and malware is a great help, but in the end it’s no substitute for common sense.


Lose the Trojan

By Fei on March 8, 2010

By Lincoln Spector
March 8, 2010

SAN FRANCISCO - Deb asked the Answer Line forum how she can remove a Trojan from an infected .dll file called infamiqayoq.dll. Her security software quarantined the file, but now she gets an error message every time she boots.

That file is the Trojan, and serves no valid purpose. The strange file name (which as I write this yields nothing in a Google search beyond Deb’s PC World forum post) gives it away. Malware programs often rename themselves to random character strings as they propagate.

Now that the file is quarantined, it’s best to let the security program delete it entirely.

But what about that error message every time you boot? With the file gone, the message is just a harmless annoyance, but it’s still best to get rid of it. Select Start (Start, then Run in XP), type msconfig, and press ENTER. Click the Startup tab. Search the Command column in the resulting table (you may have to widen it) until you find the entry that references the quarantined file. Uncheck it and click OK.
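As an added example (not from the original post or the forum thread), here is a Python script that does what the msconfig walk-through above does by hand: it pulls the file each startup command actually loads out of the Command-column string and flags entries whose file is gone, which is exactly what a quarantined DLL leaves behind. The sample commands, the entry name "nhaqoz" and the list of present files are constructed for the example; only the DLL name comes from the post. `read_run_keys` is a Windows-only helper for running the same check against a real machine’s Run keys.

```python
import os
import re

# Constructed sample of what msconfig's Startup tab shows in its Command column.
# The first two are ordinary Windows programs; the third is a hypothetical entry
# that loads the quarantined DLL named in the forum post through rundll32.
SAMPLE_STARTUP = [
    ("ctfmon",  r"C:\WINDOWS\system32\ctfmon.exe"),
    ("Updater", r'"C:\Program Files\Example Updater\updater.exe" /background'),
    ("nhaqoz",  r'rundll32.exe "C:\WINDOWS\system32\infamiqayoq.dll",a'),
]

# Files still present on the (constructed) machine once the DLL is quarantined.
PRESENT = {
    r"c:\windows\system32\ctfmon.exe",
    r"c:\windows\system32\rundll32.exe",
    r"c:\program files\example updater\updater.exe",
}

_RUNDLL = re.compile(r'^\s*(?:"[^"]*\\)?rundll32(?:\.exe)?"?\s+', re.IGNORECASE)
_EXE = re.compile(r"(\S+?\.(?:exe|dll|com|scr|bat))(?:\s|$)", re.IGNORECASE)


def referenced_file(command: str) -> str:
    """Return the file a startup command really loads.

    Three shapes occur in the Startup tab:
      * rundll32.exe <dll>,<entry>   -> the DLL is the payload, not rundll32
      * "quoted path" [args]          -> quotes mark a path containing spaces
      * bare path [args]              -> path ends at the first whitespace
    An unquoted path with spaces is ambiguous (Windows itself guesses), so the
    first token is returned in that case.
    """
    cmd = command.strip()
    m = _RUNDLL.match(cmd)
    if m:
        rest = cmd[m.end():]
        if rest.startswith('"'):
            return rest[1:rest.index('"', 1)]
        return rest.split(",", 1)[0].split()[0]
    if cmd.startswith('"'):
        return cmd[1:cmd.index('"', 1)]
    m = _EXE.match(cmd)
    return m.group(1) if m else cmd.split()[0]


def orphaned_entries(entries, exists=os.path.exists):
    """Names of startup entries whose referenced file no longer exists."""
    return [name for name, cmd in entries if not exists(referenced_file(cmd))]


def read_run_keys():
    """Windows only: the HKLM/HKCU Run keys, which supply most of what
    msconfig's Startup tab lists. Returns (value name, command) pairs."""
    import winreg  # absent on other platforms, so imported lazily
    path = r"Software\Microsoft\Windows\CurrentVersion\Run"
    found = []
    for hive in (winreg.HKEY_LOCAL_MACHINE, winreg.HKEY_CURRENT_USER):
        try:
            with winreg.OpenKey(hive, path) as key:
                i = 0
                while True:
                    try:
                        name, value, _ = winreg.EnumValue(key, i)
                    except OSError:
                        break
                    found.append((name, value))
                    i += 1
        except OSError:
            continue
    return found


if __name__ == "__main__":
    # Offline demo on the constructed data: flags only the entry whose DLL is gone.
    print(orphaned_entries(SAMPLE_STARTUP, lambda p: p.lower() in PRESENT))
    if os.name == "nt":
        print(orphaned_entries(read_run_keys()))
```

The orphan check is deliberately narrow: an entry whose file still exists is not cleared by it, which is the right default, since a live file that your scanner missed needs a second opinion from another scanner, not a silent unchecking in msconfig.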

As SpiritWind pointed out in the original forum discussion, the Trojan probably put more than one file on your PC, so it’s best to scan the hard drive again. Use your existing security software, but follow that up with a scan from something else. And I’m still recommending the free version of either SUPERAntiSpyware or Malwarebytes’ Anti-Malware, or both.


By Jared Newman
March 1, 2010

SAN FRANCISCO - With banks, newspapers, and politicians in Britain overrun by a blatant Twitter phishing scam, it’s time to point some fingers. Most disappointing are browsers and users, both of which failed to recognize an obvious ruse.

Specifically, I’m calling out Firefox and old browsers. After receiving a malicious “This you????” link from a follower, I tried it with all the browsers at my disposal, including Firefox 3, Google Chrome, Internet Explorer 8 and mobile Safari for the iPhone. Firefox was the only one that didn’t throw up a warning page when I tried to visit the link.

In fairness, Firefox is usually better than this. A report by NSS Labs last year found that Firefox 3 and Internet Explorer 8 blocked 80 percent and 83 percent of phishing sites, respectively — far superior to the competition. But what good are those numbers if you don’t block the big one? It’s like batting with the highest average during the regular season and choking in the playoffs.

I imagine that older versions of browsers fell prey to the attacks as well, but I couldn’t test those out. Internet Explorer’s phishing filter only arrived with IE 7 (IE 8 renamed it SmartScreen), so anything older would not have warned users at all.

It’s also hard to believe that so many Twitter users fell for the phishing scam. This one had all the telltale signs: a shortened URL, a destination hosted on a domain other than twitter.com (kevanshome.org), and a login page that doesn’t quite follow Twitter’s format but has all the same graphics. And if you’re already signed in to Twitter, there’s no reason you’d need to sign in again.
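Two of those telltale signs, the shortened link and the destination on the wrong domain, can be checked mechanically before anyone clicks, and the same logic is what a shortener such as bit.ly has to apply to the expanded destination rather than the short link itself (the point made in the "Social Phishing" section of the first article above). The following Python is an added example, not code from either article or from any shortener: it expands a link hop by hop, then compares the final host against the site the message claims to lead to on label boundaries, so that a lookalike such as twitter.com.kevanshome.org is not mistaken for twitter.com. The redirect map is constructed for the example; twitter.com and kevanshome.org come from the article, the short codes and the other hostnames are made up. `http_lookup` is for live use and is not exercised offline.

```python
from urllib.parse import urljoin, urlsplit

# Constructed redirect map standing in for the HTTP 301/302 Location headers a
# shortener returns. twitter.com and kevanshome.org come from the article; the
# short codes and the other hostnames are made up for this example.
REDIRECTS = {
    "http://bit.ly/abc123": "http://kevanshome.org/twitter/login.php",
    "http://bit.ly/def456": "http://twitter.com.kevanshome.org/",
    "http://bit.ly/ghi789": "https://twitter.com/home",
    "http://bit.ly/loop1":  "http://bit.ly/loop2",
    "http://bit.ly/loop2":  "http://bit.ly/loop1",
}

EXPECTED = "twitter.com"   # the site the message claims to lead to


def expand(url, lookup=REDIRECTS.get, max_hops=10):
    """Follow redirects until one returns no Location. Returns the full chain."""
    chain = [url]
    while len(chain) <= max_hops:
        nxt = lookup(chain[-1])
        if nxt is None:
            return chain
        nxt = urljoin(chain[-1], nxt)        # Location may be relative
        if nxt in chain:
            raise ValueError("redirect loop: " + " -> ".join(chain + [nxt]))
        chain.append(nxt)
    raise ValueError("more than %d redirects" % max_hops)


def host_matches(url, expected=EXPECTED):
    """True only for `expected` itself or a real subdomain of it.

    A plain substring test would accept twitter.com.kevanshome.org; this
    compares on label boundaries instead.
    """
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    return host == expected or host.endswith("." + expected)


def assess(short_url, expected=EXPECTED, lookup=REDIRECTS.get):
    """Expand a link and list the phishing signs visible from the URL alone."""
    final = expand(short_url, lookup)[-1]
    parts = urlsplit(final)
    host = (parts.hostname or "").lower()
    reasons = []
    if not host_matches(final, expected):
        reasons.append("lands on %s, not %s" % (host, expected))
        if expected in host:
            reasons.append("host merely contains %s (lookalike)" % expected)
        if any(w in parts.path.lower() for w in ("login", "signin", "session")):
            reasons.append("off-domain page that looks like a login form")
    return final, reasons


def http_lookup(url, timeout=5):
    """Live one-hop lookup for real use (not exercised offline): a HEAD request
    with automatic redirect following switched off, returning the Location."""
    import urllib.error
    import urllib.request

    class NoRedirect(urllib.request.HTTPRedirectHandler):
        def redirect_request(self, *args, **kwargs):
            return None                      # make urllib raise instead of follow

    req = urllib.request.Request(url, method="HEAD")
    try:
        urllib.request.build_opener(NoRedirect).open(req, timeout=timeout)
    except urllib.error.HTTPError as err:
        if err.code in (301, 302, 303, 307, 308):
            return err.headers.get("Location")
        raise
    return None


if __name__ == "__main__":
    for code in ("abc123", "def456", "ghi789"):
        print(assess("http://bit.ly/" + code))
```

For live use, pass `lookup=http_lookup` to `assess`. The expansion happens one hop at a time with redirect following disabled on purpose: a shortener that chains through a second shortener, or an open redirect on a trusted site, is only visible if every hop is recorded rather than silently followed.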

As with any phishing attack on a social network, Twitter shoulders some of the blame for merely letting it go on for too long, but I understand that Web services get attacked often, and the major ones aren’t immune. In the end it comes down to having a browser that’s got your back and some computer smarts when all else fails. Apparently some high-profile people across the pond had neither.


By Erik Larkin
February 1, 2009

SAN FRANCISCO - Experts agree that Windows 7 has enhanced security to ward off attacks on vulnerabilities in old software. But what if a money-minded online scammer can persuade you to download malware onto your PC?

“Windows 7 is more secure, and upgrading to it is a big improvement,” says Chester Wisniewski, a senior security advisor with software-maker Sophos. “But it’s not going to stop malware in its tracks.”

Exploits Take a Hit

Digital crooks generally use two tactics to install malware on a PC. Exploits often take the form of a snippet of attack code hidden on a Web page, often a hacked but otherwise benign site. When you browse the page, the exploit hunts for software flaws in Windows or in third-party programs such as Adobe Flash or QuickTime. If it finds one, the exploit may surreptitiously install malware without any hint of the attack.

In contrast, social engineering attacks try to trick you into downloading and installing bot malware that poses as a useful program or video. Some attacks combine tactics, as when a scammer sends an e-mail message encouraging you to open an attached PDF file, only to trigger an exploit buried in the file that then hunts for a flaw in Adobe Reader.

Security upgrades in Windows 7 could help prevent many attacks that target software flaws. ActiveX attacks, once the bane of Internet Explorer users, may “pretty much disappear” due to IE 8’s Protected Mode, says H.D. Moore, chief security officer at Rapid7 and creator of the Metasploit testing tool.

The arcane-sounding Address Space Layout Randomization (ASLR) shuffles where a running program’s code and data sit in memory, so that an exploit which has found a flaw can’t rely on fixed addresses to hijack the program. The related Data Execution Prevention (DEP) feature marks data regions as non-executable, so an attack that does reach a flaw can’t simply run code it has written into memory.

“These two, in particular, could have a very large impact,” says Wisniewski. Still, though ASLR and DEP were expanded to protect more programs in Windows 7 than in Vista, they don’t cover all applications.
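Whether a given program is covered is not a mystery: a Windows binary opts in to ASLR by being linked with the /DYNAMICBASE flag and declares DEP compatibility with /NXCOMPAT, and both land in the DllCharacteristics field of its PE header. The following Python checker is added here as an example and is not taken from the article or from any of the vendors quoted. It reads that field from any .exe or .dll; `make_header` builds a constructed, minimal header purely so the checker can be exercised without a Windows binary at hand.

```python
import struct

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE = 0x0040  # linked with /DYNAMICBASE: ASLR opt-in
IMAGE_DLLCHARACTERISTICS_NX_COMPAT = 0x0100     # linked with /NXCOMPAT: DEP opt-in
PE32_MAGIC, PE32PLUS_MAGIC = 0x10B, 0x20B


def pe_mitigations(data: bytes) -> dict:
    """Report the ASLR/DEP opt-in bits from a PE image's DllCharacteristics."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)      # offset of "PE\0\0"
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4                                      # 20-byte COFF header
    (size_opt,) = struct.unpack_from("<H", data, coff + 16)  # SizeOfOptionalHeader
    opt = coff + 20
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic not in (PE32_MAGIC, PE32PLUS_MAGIC):
        raise ValueError("unexpected optional header magic 0x%x" % magic)
    if size_opt < 72:
        raise ValueError("optional header too short for DllCharacteristics")
    # DllCharacteristics is at offset 70 of the optional header in both PE32 and
    # PE32+: the wider ImageBase in PE32+ is offset by the missing BaseOfData.
    (dllchar,) = struct.unpack_from("<H", data, opt + 70)
    return {
        "pe32plus": magic == PE32PLUS_MAGIC,
        "aslr": bool(dllchar & IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE),
        "dep": bool(dllchar & IMAGE_DLLCHARACTERISTICS_NX_COMPAT),
    }


def make_header(dllchar: int, pe32plus: bool = False) -> bytes:
    """Constructed minimal PE header (headers only, not a loadable binary) so the
    checker can be exercised without a real Windows executable at hand."""
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", 0x40)   # e_lfanew = 0x40
    size_opt = 240 if pe32plus else 224
    coff = struct.pack("<HHIIIHH",
                       0x8664 if pe32plus else 0x14C,   # Machine: x64 or i386
                       0, 0, 0, 0,                      # sections, timestamp, symtab
                       size_opt,
                       0x0002)                          # Characteristics: EXECUTABLE_IMAGE
    opt = bytearray(size_opt)
    struct.pack_into("<H", opt, 0, PE32PLUS_MAGIC if pe32plus else PE32_MAGIC)
    struct.pack_into("<H", opt, 70, dllchar)
    return dos + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    import sys
    targets = sys.argv[1:]
    if not targets:   # no file given: show the constructed headers
        for flags in (0x0140, 0x0100, 0x0000):
            print("0x%04x" % flags, pe_mitigations(make_header(flags)))
    for path in targets:
        with open(path, "rb") as f:
            print(path, pe_mitigations(f.read()))
```

The flags only describe what the binary asks for: the system-wide DEP policy can enforce DEP regardless of NX_COMPAT, and a process is only as randomized as its least-randomized module, so a single third-party DLL loaded without DYNAMIC_BASE hands an exploit the fixed addresses ASLR was meant to take away. Running the checker over every module a browser loads is the quickest way to see which "applications" the last sentence above is talking about.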

Vista Safer Than XP?

For a sense of what that impact might be, we can look at how Vista fared against malware. Microsoft’s latest Security Intelligence Report covers the first half of 2009, prior to Windows 7’s release. It’s based on data from the Malicious Software Removal Tool, which Microsoft distributes via Automatic Updates to fight common malware infections. According to that data, the infection rate for an up-to-date Vista computer was 62 percent lower than that for an up-to-date XP system.

It’s possible, of course, that Vista users are technologically savvier on average, and so less likely to fall victim to malware. The sample sizes for XP and Vista, which Microsoft didn’t include in the report, might skew the statistics, as well.

But Sophos’s Wisniewski thinks that ASLR and DEP are factors, too. And since those features are expanded in Windows 7, there’s reason to hope they’ll continue to be effective.

“I don’t see this going away anytime soon,” says Moore. He notes that there are plenty of ways crooks can and likely will continue to ply their evil trade against the new OS. But “it does raise the bar,” Moore says.

Hacking People, Not Programs

Exploit-based attacks may be harder to pull off against Windows 7, but social engineering attacks may be as dangerous as ever. And the theoretically less-annoying User Account Control does little to stop poisoned downloads.

In October, Sophos ran a test to see how Windows 7 and UAC would handle malware. First, the testers grabbed the first ten samples of malicious software that came into their lab. They then ran those samples on a fresh Windows 7 machine with UAC at its default settings, and with no antivirus installed.

Two samples couldn’t run on Windows 7 at all. But at its default setting, UAC blocked only one sample, leaving seven pieces of malware that loaded right up.

Sophos’s test highlights two points. First, Wisniewski and others say, UAC isn’t designed to block malware so much as to encourage programmers to write software that doesn’t require special privileges, so you shouldn’t count on it for protection.

Second, if a bad guy tricks you into downloading a Trojan horse, ASLR and DEP don’t matter. IE 8’s SmartScreen filter and similar features in other browsers might block known nasties, but the malware universe is bigger than that.

Social engineering ruses include using a hijacked social network account to send malware lures to friends of the owner, sending a link to a supposed video taken of a friend, and hiding a poisoned URL in a shortened link of the type commonly used on Twitter. (For more on such dangers, see “How to Stop 11 Hidden Security Threats.”)

Toss in other tried-and-true scams such as videos that instruct you to install a codec file (but instead lead you to a malware download), and phony documents attached to e-mail messages that appear to come from coworkers, and it becomes clear why Windows 7 users can’t let their guard down.


January 2, 2009

When asked what would happen in 2009, Kaspersky Lab put a rise in global epidemics at the top of its prediction list. Kaspersky Lab, a developer of Internet threat management products that protect against malicious software, has seen that prediction borne out: 2009 was dominated by sophisticated malicious programs with rootkit functionality, Conficker, Web attacks and botnets, SMS fraud and attacks on social networks.

With the start of 2010, researchers and analysts from Kaspersky Lab have come up with a list of six predictions for what will be the New Year’s greatest threats and newest attack vectors.

1. A rise in attacks originating from file sharing networks.
This year, we will see a shift in the types of attacks on users, from attacks via Web sites and applications toward attacks originating from file sharing networks.

2. An increase in mass malware epidemics via P2P networks.
In 2009 a series of mass malware epidemics was “supported” by malicious files spread via file sharing networks. This method has been used to spread notorious threats such as TDSS and Virut as well as the first backdoor for Mac OS X. In 2010, we expect to see a significant increase in these types of incidents on P2P networks.

3. Continuous competition for traffic among cybercriminals.
The modern cybercriminal world is making more and more of an effort to legalize itself, and there are many ways to earn money online from the huge amount of traffic a botnet can generate. In the future, we foresee the emergence of more “grey” schemes in the botnet services market. These so-called “partner programs” let botnet owners profit from activities such as sending spam, performing denial of service (DoS) attacks or distributing malware without committing an explicit crime.

4. A decline in fake anti-virus programs.
The decline in gaming Trojans seen in 2009 is likely to be repeated for fake anti-virus programs in 2010. (Conficker, for example, installed a rogue anti-virus program on infected computers.) The fake anti-virus market is now saturated and the profits for cybercriminals have fallen. This kind of activity is also closely monitored by both IT security companies and law enforcement agencies, making it increasingly difficult to distribute fake anti-virus programs.

5. An interest in attacking Google Wave.
When it comes to attacks on Web services, Google Wave looks set to make the headlines in 2010. Attacks on this new Google service will no doubt follow the usual pattern: first spam, then phishing, then the exploitation of vulnerabilities and the spreading of malware.

6. An increase in attacks on the iPhone and Android mobile platforms.
2010 promises to be a difficult time for iPhone and Android users. The first malicious programs for these platforms appeared in 2009, a sure sign that they have caught the interest of cybercriminals. The only iPhone users currently at risk are those with compromised (jailbroken) devices; the same is not true for Android users, all of whom are exposed. The growing popularity of phones running Android, combined with the lack of effective checks on whether third-party applications are safe, will lead to a number of high-profile malware outbreaks.

“Malware will continue to further its sophistication in 2010 with specific malware families requiring significant resources from anti-malware companies to adequately fight them,” said Roel Schouwenberg, senior malware researcher at Kaspersky Lab. “Third party program vulnerabilities will continue to be the target of choice by cybercriminals with Adobe continuing to be the main target. And finally I believe that with the introduction of real-time search, black hat SEO and social networks will become an even bigger focus of cybercriminals.”






Twitter warns of new phishing attack

By Jon on October 28, 2009

By Daniel Ionescu
October 29, 2009

Twitter is warning users of a new phishing scam spreading through direct messages on the network, which redirect users to a fake log-in page to steal their passwords.

Through its Spam Watch account, Twitter warned: “We’ve seen a few phishing attempts today (Wednesday); if you’ve received a strange (direct message), and it takes you to a Twitter log-in page, don’t do it!”

The phishing direct messages take the form of: “hi. this you on here? http://blogger.djh****.com” (Part of the hyperlink removed for security). The site that this hyperlink redirects recipients to is designed to grab your Twitter username and password as soon as they are entered.

After one’s Twitter login credentials are entered into the phishing site, the page redirects to a fake “Twitter over capacity page,” with the famous Twitter Fail Whale. This is not a genuine Twitter page.

Security firm Sophos advises users that fell for the phishing scam to immediately change their Twitter passwords and also any other sites where the same log-in credentials are used.

Sophos say on their blog that “hackers like to commandeer poorly protected PCs to form a botnet from which they can send spam campaigns or spread malware, and in the same way they are after compromised social networking accounts.”

As long as you do not click on the link from this direct message, you should be safe from the phishing attack. It is recommended that you delete any similar messages as soon as you receive them.


Kaspersky Lab, a developer of secure content management solutions, has released its latest generation of products in the Philippine market, Kaspersky Internet Security 2010 and Kaspersky Anti-Virus 2010, designed to safeguard home users’ computers against fast-evolving Internet threats such as worms and other malware.

Aside from ensuring optimum protection, Kaspersky Lab made sure that the 2010 edition of its flagship products are more user-friendly even for novices.

Also, the growing legions of online gamers in the country will find the Kaspersky Internet Security 2010 and Kaspersky Anti-Virus 2010 as welcome additions in their systems as they facilitate quicker server response times.

“From protection to usage, you can readily notice the meticulous upgrades that we have introduced in the new generation of our personal range of products. The Kaspersky Internet Security 2010 and Kaspersky Anti-Virus 2010 pack the latest technologies that users can rely on in protecting their computers and devices from any security threats when they encounter any unknown and unsure circumstances,” said Suk Ling Gun, Kaspersky Lab managing director for Southeast Asia.

The 2010 products incorporate Host-based Intrusion Prevention System (HIPS) technology in the Application Control module, which assigns a security rating to previously unknown programs. They also use Kaspersky’s Sandbox technology with Safe Run, which lets new software run in an isolated environment that protects the operating system from malicious changes. This matters because attackers routinely exploit vulnerabilities in the operating system and in trusted, Internet-facing applications.

The 2010 edition of the Kaspersky Lab products also employ the innovative Kaspersky Security Network that uses information from millions of users to dramatically reduce response times to new threats and replenish reputation databases with the most up-to-date information about clean and infected files. These security solutions were developed with Windows Vista in mind, making them fully compatible with that operating system.

The limited Collector’s Item Special Edition Kaspersky 2010 products with Jackie Chan, the brand’s official endorser, on the cover is available for a limited time and quantity only. With this, the brand has also released an advertisement featuring the Hong Kong superstar.

Kaspersky Lab also presented the v8.0 of the Kaspersky Mobile Security (KMS8), a security solution geared for protecting smartphones from theft, loss and data leaks. It features cutting edge technologies such as the SMS Find, Anti-theft Module, SIM Watch Module, integrated firewall and the vastly improved Anti-spam Module.

“The Kaspersky Mobile Security 8.0 will spare Filipinos from the heartaches and headaches that the loss of their precious smartphones may cause. We know that in the Philippines, the people value their mobile phones so much,” said Gun.

SMS Find gives phone users a better chance of recovering a lost or stolen phone by returning the device’s Google Maps coordinates; it also lets parents locate children carrying GPS-equipped smartphones. If the SIM card is removed after the phone is lost, the SIM Watch feature sends a hidden message to the owner with the new number, enabling law enforcement agencies to track the stolen device.

The Anti-theft module, on the other hand, allows the user to remotely block access to or completely wipe the memory of the device by simply sending a codeword via SMS to the mobile number. Other security features of the KMS8 include the Anti-spam which blocks unsolicited and unwanted calls, a password protected safe folder for confidential and potentially sensitive files and an integrated firewall, among others.

The new Kaspersky Mobile Security 8.0 was developed with all the compatibility requirements for Symbian OS 9.1, 9.2, 9.3 and Windows Mobile 5.0, 6.0, 6.1 in mind. It retails at P980. Versions compatible with other mobile operating systems are in the works.

Kaspersky Internet Security 2010 for three users will retail for P2,980.00 while the Kaspersky AntiVirus 2010 will retail for P2,110.00. Each purchase will come with a gift certificate from Burger King, while stocks last.







IT security and data protection firm Sophos has published its report on the latest trends in spam, revealing the top twelve spam-relaying countries for the second quarter of 2009. By scanning all spam messages caught in SophosLabs‘ global network of spam traps, researchers have identified the top ‘Dirty Dozen’ spam relaying nations between April and June this year.

During the second quarter of 2009, the USA continued to relay more spam than any other country; its 15.6% share of global spam traffic means that nearly one in six junk e-mails was sent through compromised computers in the country. In contrast, Russia, a former spam super-power, continues to fall down the ranks.

Russia currently sits in ninth position, relaying a mere 3.2% of spam messages. This is a significant reduction from the same period last year, when the country came second only to the United States and was responsible for relaying 7.5% of all spam e-mails.

Poland has seen the biggest single increase in spam output since the last quarter, moving up from tenth to sixth place in this global ‘hall of shame’, with the country now responsible for relaying 4.2% of all the world’s electronic junk messages.  Colombia is the only nation to have left the ‘Dirty Dozen’ since Q1 2009, with Vietnam a new entry this quarter.

The top twelve countries responsible for relaying spam across the globe between April and June 2009 are as follows:

1.  United States 15.6%
2.  Brazil 11.1%
3.  Turkey 5.2%
4.  India 5.0%
5.  South Korea 4.7%
6.  Poland 4.2%
7.  China (including Hong Kong) 4.1%
8.  Spain 3.4%
9.  Russia 3.2%
10. Italy 2.8%
11. Argentina 2.5%
12. Vietnam 2.3%
Others 35.9%

“Barack Obama’s recent speech on cybersecurity emphasised the threat posed by overseas criminals and enemy states, but these figures prove that there is a significant problem in his own back yard. If America could clean up its compromised PCs, it would be a considerable benefit to everyone around the world who uses the net,” said Graham Cluley, senior technology consultant for Sophos. “All Web users need to properly defend their computers from attack, and pledge to never act upon spam messages.”

Spammers exploiting new vectors of attack
Over the past year, the booming popularity of social networking, in particular the micro-blogging service Twitter, has driven growth in services such as TinyURL, bit.ly and is.gd, which create conveniently shortened links that redirect to Web pages with lengthier URLs. Hackers exploit this by using the services to obscure links to offensive material or malicious Web sites, then distributing the links in spam e-mails and posting them on Twitter and other networks.

Earlier this year, link-shortening service Cligs was attacked by hackers, who redirected links created with the service to a single site of their choice - demonstrating how unsuspecting Web users can find themselves visiting unexpected Web sites when clicking on shortened links.  As social networking and related online services continue to grow in popularity, Sophos experts note that poorly protected computer users could become more vulnerable to a wider range of spam attacks.

“Clearly the problem isn’t going away, as is illustrated by the large number of sprawling spam campaigns we see on a daily basis,” continued Cluley. “Although it may seem encouraging to see reductions in the volume of spam that certain countries are contributing, authorities, ISPs and home users across the world need to be doing more to crack down on the spam problem.”

Spam relayed by continent, April-June 2009
Overall by continent, Asia continues to be the biggest offender. Almost a third of spam messages originated in the region during the second quarter of 2009, with South Korea and China the biggest contributors.

1.  Asia 31.7%
2.  Europe 27.1%
3.  South America 19.4%
4.  North America 18.8%
5.  Africa 2.0%
6.  Oceania 0.6%
Others 0.4%

Sophos recommends companies automatically update their corporate virus protection, and run a consolidated solution at their e-mail and Web gateways to defend against viruses and spam.


By Jeremy Kirk

Twitter is suspending the accounts of some users whose computers have fallen victim to a well-known piece of malicious software that has targeted other sites such as Facebook and MySpace.

The malware, Koobface, is designed to spread itself by checking to see if a person is logged into a social network. It will then post fraudulent messages on the person’s Twitter account trying to entice friends to click the link, which then leads to a malicious Web site that tries to infect the PC.

The popular microblogging service has had a strong impact as a new communication platform, such as providing on-the-ground insight from participants in the recent protests over the presidential election in Iran. But it is also being targeted by fraudsters and hackers, who use it as a way to infect people’s PCs with malicious software.

Twitter is the latest site to be targeted by a Koobface variant, said Rik Ferguson, senior security advisor for Trend Micro. Other sites have included Bebo, Hi5, Friendster and LiveJournal, according to the US Computer Emergency Readiness Team.

“Koobface has a long, inglorious history and has been relatively successful at infecting machines,” Ferguson said.

At least a couple hundred accounts have been infected by Koobface’s latest efforts, according to Ryan Flores, an advanced threats researcher, writing on Trend’s blog. When it made its first appearance a couple of weeks ago on Twitter, Koobface was just sending out three shortened URLs (Uniform Resource Locators) leading to malware. Flores wrote that Koobface is sending out more bad links this time around.

The use of URL shortening services on Twitter has made it difficult for people to tell what Web site they’ll end up at, Ferguson said. However, Twitter tools such as TweetDeck will show the full URL, which can help people make a better security judgement, he said.

Some of Koobface’s bad links have advertised, for example, videos of Michael Jackson, as the malware writers try to pique people’s interest in current news events, said Graham Cluley, senior technology consultant for Sophos. If a person followed the link, it led to a Web site asking the user to download an upgrade for their Flash player that was actually Koobface, he said.

But Twitter has been fairly quick at shutting down accounts of people who are infected with Koobface and resetting their passwords, Cluley said.

Malware has also spread on Twitter via fake accounts that have been registered using automated tools. Ferguson said Twitter could somewhat guard against that by sending a verification link to an e-mail address during registration, making it more difficult to register dummy accounts en masse.

“That’s real low-hanging fruit for them to address,” Ferguson said.

Koobface gets instructions from a command-and-control server, which tells the malware which messages to send out. Koobface is dangerous on other levels, however, as it can also steal data from a PC or download other malware.

Security software suites should generally detect early versions of Koobface. However, its creators are crafting variants of the malware to try to escape detection, Ferguson said. They do that by obfuscating Koobface’s code and compressing it, which can make it more difficult for security software to spot.

Kaspersky Lab saw an explosion of Koobface modifications throughout June, coinciding with the start of the summer vacation season across the northern hemisphere. In just one month, the number of variants detected jumped from 324 at the end of May 2009 to almost 1000 by the end of June 2009.

Koobface, the infamous worm, was first detected by Kaspersky Lab as Net-Worm.Win32.Koobface and quickly gained notoriety when it appeared almost one year ago targeting Facebook and MySpace accounts. The worm spreads from a compromised user’s account to their friends’ profiles: the comments and messages it sends contain a link to a fake YouTube-style Web site which invites users to download a “new version of Flash Player”. What is downloaded to the victim’s machine is the worm, not a media player. Once infected, the user in turn starts spreading such messages to his or her friends. In the meantime, the worm’s functionality has been extended, and Koobface now targets more social networking Web sites, including Facebook, MySpace, Hi5, Bebo, Tagged, Netlog and, most recently, Twitter.

As social networks such as Facebook or Twitter are becoming increasingly popular, attacks targeting them are also gaining momentum.

“This sign of increased cybercriminal activity involving social networks in the past month proves that the strategies being used by the bad guys to infect users are much more efficient when adding the social context to their attacks,” says Stefan Tanase, Malware researcher of Kaspersky Lab. “June 2009 marks an important milestone in the evolution of social networking malware — the activity we’ve seen this month exceeds by far any other month in the past.”

Kaspersky Lab would like to give a few tips for Users:

  • Be cautious when opening links coming through suspicious messages, even if the sender is one of your trusted Facebook friends.
  • Use either Internet Explorer 7 running in protected mode or Firefox with NoScript installed.
  • Divulge as little personal information as possible. Do not give out your home address, phone number or other private details.
  • Keep your antivirus software updated to prevent new versions of malware from attacking your computer.

Kaspersky Lab users running any of the Company’s current anti-malware products are fully protected from all known variants of Net-Worm.Win32.Koobface. Kaspersky Lab’s global team of analysts are keeping a close eye on all threats coming from the social networking space, monitoring the malicious activity and constantly updating the protection customers receive.
