Kaspersky Labs, has detected two variants of a new worm, Networm.Win32.Koobface.a. and Networm.Win32.Koobface.b, which attack MySpace and Facebook users.
The worms transform victims machines into zombie computers to form botnets which are used to create DDOS attacks and send spam email.
Net-Worm.Win32.Koobface.a infects the user when they access accesses their MySpace account. The worm creates a range of commentaries to friends' accounts.
Net-Worm.Win32.Koobface.b, targets Facebook users, creates spam messages and sends them to the infected users' friends via the Facebook site.
The messages and comments include texts such as "Paris Hilton Tosses Dwarf On The Street"; "Examiners Caught Downloading Grades From The Internet"; "Hello; You must see it!!! LOL. My friend catched you on hidden cam"; "Is it really celebrity? Funny Moments and many others".
Messages and comments on MySpace and Facebook include links to youtube.[skip].pl. If the user clicks on this link, s/he is redirected to http//youtube.[skip].ru, a site which purportedly contains a video clip. If the user tries to watch it, a message appears saying that s/he needs the latest version of Flash Player in order to watch the clip.
However, instead of the Flash Player, a file called codesetup.exe is downloaded to the victim machine; this file is also a network worm. The result is that users who have come to the site via Facebook will have the MySpace worm downloaded to their machines, and vice versa.
17 Comments - Add comment