MyWorm is your worm is everybody’s worm
August 5th, 2008
There is a new worm in the wild which targets users of the social networking sites MySpace and Facebook. The worm abuses the features of these popular networking sites: by posting comments and sending messages such as
- “Paris Hilton Tosses Dwarf On The Street”,
- “OMG!!! This is you on hidden cam”,
- “You must see it!!! Funny video clip” or
- “Funny cartoon! I think it’s FAKE!! What do you think about this?”
to all of the friends on your contact list, the worm tries to fool them into clicking a link to a malicious web site which hosts a copy of the worm itself. Comments generated by the worm look like this:

The worm also sends personal messages directly to all your contacts. This is a screenshot of a user receiving such a message:

If a user follows the lure and wants to see what is behind these funny videos, he will be redirected to a fake YouTube-lookalike page. The page tells the user that his version of Flash Player is out of date; for “convenience” a link to the update is provided. A file named ‘codecsetup.exe’, which is in fact a copy of the worm itself, is presented to the user.

If a user falls for this common social-engineering trick and executes the worm, the whole game starts again. The worm will contact a server in the Czech Republic with an HTTP POST request to get further instructions. This way the malware authors can easily adjust the actual links and comments posted by the worm. For example, if the fake codec domain is terminated or blocked, the malware authors can instruct the worm to point to a new malicious location in the next messages and comments. Right after new instructions are received, all of the new victim’s friends will receive malicious messages as shown in the above examples.
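The chain described above (fake video page, download of a "codec" executable, then an HTTP POST for instructions) can be hunted for in web proxy logs. The following is an added example, not code from the original post; the log format, host names, filename pattern and 10-minute window are assumptions, and the log lines are constructed.

```python
import re
from datetime import datetime, timedelta

# Constructed proxy log lines: timestamp, client IP, method, URL (placeholder hosts).
SAMPLE_LOG = """\
2008-08-05T10:00:01 10.0.0.5 GET http://video.example.test/watch?id=1
2008-08-05T10:00:09 10.0.0.5 GET http://video.example.test/codecsetup.exe
2008-08-05T10:01:30 10.0.0.5 POST http://c2.example.test/gate
2008-08-05T10:02:00 10.0.0.7 GET http://downloads.example.org/tool.exe
2008-08-05T10:02:10 10.0.0.7 POST http://forum.example.org/login
2008-08-05T11:30:00 10.0.0.9 GET http://video.example.test/codecsetup.exe
""".splitlines()

# Executables named like codec or Flash Player installers (assumed pattern).
LURE_EXE = re.compile(r"/[^/?]*(codec|flash)[^/?]*\.exe(\?|$)", re.I)
HOST = re.compile(r"^https?://([^/:]+)", re.I)
WINDOW = timedelta(minutes=10)  # assumed correlation window

def find_infections(lines, window=WINDOW):
    """Return (client, download_url, post_url) for each client whose lure .exe
    download is followed within `window` by a POST to a different host.
    Assumes the log is in chronological order."""
    downloads = {}  # client -> (time, url, host) of the latest lure download
    hits = []
    for line in lines:
        ts, client, method, url = line.split(maxsplit=3)
        when = datetime.fromisoformat(ts)
        host = HOST.match(url).group(1).lower()
        if method == "GET" and LURE_EXE.search(url):
            downloads[client] = (when, url, host)
        elif method == "POST" and client in downloads:
            dl_time, dl_url, dl_host = downloads[client]
            if when - dl_time <= window and host != dl_host:
                hits.append((client, dl_url, url))
                del downloads[client]
    return hits

def download_only(lines):
    """Clients that fetched a lure .exe, whether or not a POST followed."""
    urls = (l.split(maxsplit=3) for l in lines)
    return sorted({f[1] for f in urls if LURE_EXE.search(f[3])})
```

Clients returned by `find_infections` likely executed the file; clients that appear only in `download_only` fetched it and deserve a follow-up check on the endpoint.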

This worm, currently targeting MySpace and Facebook, shows that in today’s “Web 2.0” world you can’t trust content allegedly coming from your friends. As has been known for e-mail messages for years, messages and their sender addresses in a social network can be forged as well, appearing to come from a personal contact while in fact being sent by a malicious piece of software. The Secure Anti-Malware Engine blocks this threat proactively as “Trojan.Downloader.Gen”.
Author: Anti-Malware Team