Software maker Adobe warned users on Monday to beware of fake Flash Player updates, four days after antivirus firm Kaspersky alerted Internet users to two computer worms that use the technique to spread amongst users of the popular social networking sites Facebook and MySpace.
The worms, dubbed Koobface.a and Koobface.b by the firm, send a variety of comments and messages to the friends of anyone infected by either malicious program. The comments use the names of celebrities, such as Paris Hilton, and topics such as hacking and secret cameras to convince potential victims to click on an accompanying link, Kaspersky said in a statement. Clicking on the link will redirect the victim to a Web site which announces that the user needs to download an update to their system's Flash player. The "update" is actually the worm's code.
"Unfortunately, users are very trusting of messages left by 'friends' on social networking sites," Alexander Gostev, senior virus analyst with Kaspersky, said in a statement. "So the likelihood of a user clicking on a link like this is very high."
Increasingly, online criminals have looked to social networks to aid them in scamming users and propagating malicious code. Two years ago, researchers at the Black Hat Security Briefings warned of worms that could use interactive Web sites to spread amongst users. A number of worms have hit MySpace and Facebook, although most have only spread through users' accounts. Last year, for example, phishers used a transparent image to redirect users to a fake MySpace login page that would steal their credentials.
While the Koobface worms currently appear to be focused only on spreading, Kaspersky warned that the programs are designed to augment their functionality through uploaded modules. Adobe recommended on its blog that users seeking software updates go to the application maker's Web site.
If you have tips or insights on this topic, please contact SecurityFocus.
Posted by: Robert Lemos