And I just got one. It's the Koobface worm, it says here: Koobface Re-Activated! and here, and here, and here, and other places, no doubt.
In my case it was an email that seemed to be from Facebook announcing that a friend had sent a message, but the style was unfamiliar, which should have been the tip-off.
Subject: Firstname Lastname sent you a message on Facebook ...
Firstname sent you a message.
--------------------
(no subject)
youtube
poison url goes here
(The url is disguised by having www.facebook.com at the beginning, but in my case at least continued to bit.ly as the real destination, which, of course, was not the real destination.)
That's it. There is usually quite a bit more stuff in one of these message notifications. When I took a look at Facebook, I saw the message in my inbox, but by that time, I knew not to click it.
Clicking the url takes you to a screen with Facebook-like fonts and colors that says "Leaving Facebook ... Never use your Facebook password outside of the Facebook site." (That's a paraphrase, I'm not going back there to look at it again.) It then goes to something that looks like YouTube. If you're quick you can see that it actually says YuoTube at the top of the screen. It then tells you you need Flash version 10.37, and the download starts right away.
Apparently the thing affects both the computer of the victim, and his or her profile.
Trend Micro has a chart of the botnet, or parts of one of them, anyway.
Happy Facebooking, everyone!
Update: Morgan Freeberg links, and has quite a bit more to say, particularly about those apps that seem so cute.
1 comment:
Removing a virus can be very difficult to do manually. Generally, the virus installs dozens of malicious files on all computers. This includes forms of spyware and other malicious software. Many of these files, DLL files and registry that can interfere with system processes. They can damage the hard drive and make sensitive information at risk. This includes passwords, social security and credit cards.
Post a Comment