Social networking worm detected

News by Dan Raywood

A malicious worm that works through Facebook has been detected.

A malicious worm that works through Facebook has been detected.


Fortinet has revealed that the worm sends a message via the social networking site encouraging the users' friends to access a fake YouTube page with a spam Google Reader address.


If the recipient clicks on the link they are encouraged to download a Trojan downloader that is disguised as a Codec.


This is in effect a double attack as it gives the targeted user the feeling that the video is hosted on Google, therefore it must be safe, and as it appears to have come from a factor, which naturally lowers security instincts, it is feared that this could be spread easily.


Guillaume Lovet, senior manager at Fortinet's FortiGuard Global Security Research Team, has warned of messages with a link inside, and offered the following tips to avoid malicious downloads.


Lovet said: “If you do detect any such messages, ask yourself if the message you're reading is from who it claims to be. It is actually very easy to separate messages that are from people you know, and imitators, as worms cannot imitate people's own style of writing.


“A lot of social engineering sleight of hand used by social networking sites rely on teasing the victim into watching a video. Keep in mind that online videos share a very common format (i.e. Flash), so if you can normally see flicks on YouTube or dailymotion, you won't ever need any additional plugin or codec. Most importantly: codec which come in the form of executable setup files are, in this context, Trojans.”

Fortinet also warned against surfing with a browser that is not up-to-date with security updates and to use antivirus protection if you have already been infected.


Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews