• Services
• Get Help
• Accounts
• Computer Labs
• Software
• Training
• Network
• Hardware Purchases & Repair
• Information Systems Applications
• Information
• Alerts & News
• Security
• Policies & Standards
• Forms
• About Information Technology
• IT Planning
• Staff
• Organizational Chart

Hot Topic - 20081209

Facebook, MySpace, ClassMates.com and other social networking sites used to aid malware distribution ( 12/09/08 )(03/12/09-similar activity is being reported again)

In 2000, the LoveLetter e-mail virus was let loose. It would infect a computer and send I-LOVE-YOU messages to everyone in the computer's address book appearing to be from the person operating the infected computer ( the last person who clicked on the attachment when they received it ).

In 2006, social networking site viruses were let loose. They infect computers and send "I want to be your friend", "I saw your naked video" or some other message likely to result in a click to everyone in the Facebook/Myspace friend's list of the last person that clicked the message and appearing to come from them.

In general, these messages try to convince you to click a link to view a video, open an attachment, or download a fake software update. They may also take you to a fake login web site to collect your account password.

The ramifications of opening the attachment are the same as if the I-LOVE-YOU message attachment was opened - instant infection.

If you click the link inside one of the messages, you may be taken to a web site that looks like YouTube. If you try and view the video, you may be told you need to install an update, probably for Adobe Flash but it might be for a "video codec", ActiveX control, Microsoft security update, or some other software. If you fall for the scam, you'll be installing the virus on your computer which will login to your Facebook/Myspace account and start sending similar messages to your peers ( and whatever else it wants to do with your Facebook account, password, data, and computer ).

All the usual caveats about trusting e-mail apply. Even if it looks like it comes from a friend on Facebook. Or somebody that wants to be your friend. Or someone telling you they made a new friend.

Encountering fake malicious download offers on web sites is getting pretty common. It may be the most common way desktop computers are infected. The criminals are pretending to offer software updates, anti-virus software, video codecs, software license cracking tools, and anything else they can think of that might persuade you to install it on your computer.

Handling offers of web downloads:

• If you get offered a download on a site you were led to from a link in an unsolicited message ( e.g. e-mail, IM, wall posting, SMS text message ), regardless of who the message appears to be from, alarm bells should go off.
• Software updates should only be downloaded from trusted sites ( e.g. www.adobe.com for Adobe Flash ) and you should navigate to those sites yourself rather than following links provided in the message.
• Do not believe web sites claiming they detected a virus on your computer and offering you "anti-virus software". JMU provides anti-virus software to all faculty, staff, and students so there is usually no reason to install more software. Most such offers are attempts to get you to install a virus masquerading as anti-virus software.
• If you're told you need to download special software to view a video or listen to an audio clip, walk away unless you can download the software from a trusted source, you're sure the content is legitimate, and its necessary for business.

Technical risk reduction:

• Operate the computer with a regular user account. If the criminals fool you, and who doesn't get fooled sometimes, the damage they can do is limited and will usually be none.
• If you don't keep all your software up to date ( e.g. Adobe, QuickTime, RealPlayer, Java ) and you frequent social network sites and the Internet in general, you're almost certain to have your computer infected sooner or later whether you accept a download or not.
• Some of these sites install software on your computer ( with your assistance of course ) that may make it vulnerable to other sites so you'll have to keep track of updates for their software too.
• • Facebook Photo Uploader Security Defect
  • LinkedIn Toolbar Security Defect
  • Myspace Uploader Control Security Defect
• Antivirus software should not be considered an effective protection measure though it should be run for the limited value it does provide. If your anti-virus software warns you of a virus, it means it detected one malicious file. Others may have gone undetected leaving your computer compromised. In general, anti-virus software cannot be depended upon to reliably and thoroughly protect a computer and espcially not to clean an infected one.

Links to sample social network site incident references:

• July 2006 - MySpace attacked by worm exploiting Flash defects, MySpace attacked by worm exploiting Windows defects
• December 2006 - Password stealing MySpace video worm pimps adult content
• December 2007 - Worm hits Google's Orkut
• January 2008 - MySpace Profile + Fake Microsoft Patch = Malware Cocktail
• May 2008 - LinkedIn 419 scam
• July 2008 - Web worms squirm through Facebook, MySpace
• October 2008 - Spear Phishing Scam Targets LinkedIn user with for malware installation
• October 2008 - Facebook worm feeds off Google's reputation
• November 2008 - Facebook worm needs your help to read CAPTCHAs
• December 2008 - Facebook Worm Reappears
• December 2008 - Classmates.com fast flux malware
• December 2008 - Facebook Worm also targets bebo.com, blackplanet.com, friendster.com, myspace.com, myyearbook.com.