Facebook has been taking a few heavy hits lately. First there was a huge flap over their updated terms of service. That resulted in the company reverting to its older ToS agreement just to quell the outrage. Now it’s the appearance of a new variant of a worm, dubbed “Koobface” (Facebook spelled half backwards, get it?) by researchers who first isolated it in the wild.

To be fair, Facebook isn’t the only social networking site that’s been hit. About ten sites, including Friendster and MySpace, have reported sightings of Koobface recently. Thus, these are also potential breeding grounds for the new worm.

The attack itself is fairly basic: a user receives a message, allegedly from someone in their network, directing them to a YouTube video. However, the URL in the message actually sends you to a faked YouTube site that apparently looks pretty convincing. This site (major warning flag!) tells you it needs to install a new Adobe Flash version in order to play the video you’re allegedly getting ready to watch.

The result is predictable: the “Flash update” is a fake, and you end up with malware installed on your machine.

The good news is that the infection appears to be fairly small at present. According to the article, “this latest incarnation of Koobface doesn’t appear to be widespread. Trend Micro has only found 28 computers infected by it worldwide (26 in the U.S. and the other two in France).”

The bad news is that it’s only one of four (yes, really) infected applications that have shown up on Facebook recently. “One of these malicious applications tries to trick people into adding it by claiming that their friends were having trouble looking at their profiles. If the application is added it spams itself to every Facebook friend that a member of the site has, according to the BBC.” Like I said, they’ve been taking a few heavy hits lately.

The obvious warning is: be careful what you click on while visiting social networking sites. These have become a major vector for malware distribution, and few roadblocks are presently in place to prevent worm authors from publishing evil applications. I’m a Facebook user, and I’ve taken to ignoring all application requests. That might not be the friendliest response, but it’s the safest.

This entry was posted on Tuesday, March 3rd, 2009 at 6:17 pm and is filed under Malware, Social Networks. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.