[OPLINTECH] FW: ALERT: Virus attacking Myspace and Facebook RE: Weekly Top News Spam

Dan Will willda at oplin.org
Wed Aug 20 08:49:11 EDT 2008


Jim,

I have noticed the viruses as well. We are using Smoothwall 3 with the
email filter add-on. We have been very lucky as the ClamAV engine is
catching these viruses. This works only for POP3 though. I would be
interested in what others are doing to combat the Facebook & MySpace
viruses.

 

Dan Will

Technology Supervisor

Meigs County District Public Library

willda at oplin.org

740.992.5813

740.992.6140 (fax)

 

 

The difference between fiction and reality?

Fiction has to make sense.

Tom Clancy

 

 

 

From: oplintech-bounces at oplin.org [mailto:oplintech-bounces at oplin.org] On
Behalf Of JKENZIG
Sent: Tuesday, August 19, 2008 10:21 PM
To: OPLINTECH
Subject: [OPLINTECH] FW: ALERT: Virus attacking Myspace and Facebook RE:
Weekly Top News Spam

 

Admins... note I have just sent the following out to my staff. You may edit
and pass along if you would like.

Jim Kenzig 
Network Manager 
Cuyahoga County Public Library 

 

______________________________________________ 

 

We have received hundreds of notifications from Trend today blocking
viruses.  I have determined that apparently it is the same type of attack
the Weekly top news emails use and it is coming mostly from Myspace and
Facebook pages. This is a tough one to block because those two sites are
probably the highest used ones in the library.  (Below is a description of
how the Virus works.)  

Staff should use caution when going on Facebook or Myspace from staff
systems and continue to delete the Weekly top news emails. Also avoid the
temptation to follow links in unsolicited emails.  Web pages suggesting you
download an update to Flash or any other plugin for that matter should be
avoided and not clicked on.  Remember ITD installs updates automatically when
necessary and only after they are tested in our environment. 

 If patrons are getting virus notification popups while on Myspace or
Facebook and notify you then this is most likely why and the Dell public
computer with the problem should be immediately rebooted if possible. 

There is also a very realistic popup going around from many sites that
states you have a virus and need to install Antivirus 2009 (aka
Antivirus2009); they look like Microsoft prompts. There is no such program
with just that name and it will install spyware on your system! Avoid
clicking on these links. (Note: don't confuse this with Kaspersky Antivirus
2009, which IS a valid real program.)

Sorry this is so long, thanks for reading. 
Thanks,
Jim Kenzig
Network Manager 

New worms target both MySpace and Facebook users 
http://www.kaspersky.com/news?id=207575670 
Kaspersky Lab, a leading developer of secure content management systems, has
detected two variants of a new worm, Net-Worm.Win32.Koobface.a and
Net-Worm.Win32.Koobface.b, which attack MySpace and Facebook respectively.
As part of their malicious payload, the worms transform victim machines into
zombie computers to form botnets.

Even though the worms are currently only infecting MySpace and Facebook
users, Kaspersky Lab analysts are warning users that the worms are designed
to upload additional malicious modules with other functionality via the
Internet. It is highly probable that victim machines will not only be used
for spreading links via these social networking sites, but the botnets will
also be used for other malicious purposes.

Net-Worm.Win32.Koobface.a spreads when a user accesses his/her MySpace
account. The worm creates a range of commentaries to friends' accounts.
Net-Worm.Win32.Koobface.b, which targets Facebook users, creates spam
messages and sends them to the infected users' friends via the Facebook
site. The messages and comments include texts such as Paris Hilton Tosses
Dwarf On The Street; Examiners Caught Downloading Grades From The Internet;
Hello; You must see it!!! LOL. My friend catched you on hidden cam; Is it
really celebrity? Funny Moments and many others.

Messages and comments on MySpace and Facebook include links to
http://youtube.[skip].pl. If the user clicks on this link, s/he is
redirected to http://youtube.[skip].ru, a site which purportedly contains a
video clip. If the user tries to watch it, a message appears saying that
s/he needs the latest version of Flash Player in order to watch the clip.
However, instead of the latest version of Flash Player, a file called
codecsetup.exe is downloaded to the victim machine; this file is also a
network worm. The result is that users who have come to the site via
Facebook will have the MySpace worm downloaded to their machines, and vice
versa.

"Unfortunately, users are very trusting of messages left by 'friends' on
social networking sites. So the likelihood of a user clicking on a link like
this is very high", says Alexander Gostev, Senior Virus Analyst at Kaspersky
Lab. "At the beginning of 2008 we predicted
(http://www.viruslist.com/en/analysis?pubid=204791987) that we'd see an increase
in cybercriminals exploiting MySpace, Facebook and similar sites, and we're
now seeing evidence of this. I'm sure that this is simply the first step,
and that virus writers will continue to target these resources with
increased intensity".

 

_____________________________________________ 
From:   
Sent:   Monday, August 18, 2008 9:27 AM 
To:     All-Mailer 
Subject:        Weekly Top News Spam 

There has been a lot of spam coming with the Subject line Weekly Top News
and a line in it about some crazy type of news story.  If you click the link it
will try and install spyware on your computer.  Please just mark these
messages as spam and delete these messages and do not follow the link. 

Thanks, 
Jim Kenzig
Network Manager
Cuyahoga County Public Library
jkenzig at cuyahogalibrary.org
216-749-9389 
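
Added example (not part of the original thread or the Kaspersky release): a proxy-log check for the lure chain the release describes, where a host carries a brand label such as `youtube.` but sits under an unrelated domain, and a "player" executable such as `codecsetup.exe` is then fetched. The log format, the brand list and every host name (reserved `.example` TLD) are constructed assumptions.

```python
import re
from urllib.parse import urlsplit

# Brand label -> domains that legitimately use it (assumed, extend as needed).
BRANDS = {"youtube": {"youtube.com"}, "facebook": {"facebook.com"},
          "myspace": {"myspace.com"}}
# File names typical of the fake-player lure (codecsetup.exe is from the page).
LURE_EXE = re.compile(r"(codec|flash|player)[\w.-]*\.exe$", re.I)

def lookalike_brand(host):
    """Return the brand a host imitates, or None if the host is legitimate."""
    host = host.lower().rstrip(".")
    labels = host.split(".")
    for brand, legit in BRANDS.items():
        if brand in labels and not any(
                host == d or host.endswith("." + d) for d in legit):
            return brand
    return None

def scan(lines):
    """Yield (client, url, reason); assumed format: 'ip method url status'."""
    seen_lure = set()          # clients that already visited a lookalike host
    for line in lines:
        client, _method, url, _status = line.split()
        parts = urlsplit(url)
        brand = lookalike_brand(parts.hostname or "")
        is_exe = bool(LURE_EXE.search(parts.path))
        if brand and is_exe:
            yield client, url, f"lure executable from fake {brand} host"
        elif brand:
            seen_lure.add(client)
            yield client, url, f"fake {brand} host"
        elif is_exe and client in seen_lure:
            yield client, url, "player/codec .exe after visiting fake host"

# Constructed sample log; no real hosts or addresses.
SAMPLE = """\
10.0.0.5 GET http://www.youtube.com/watch?v=abc 200
10.0.0.7 GET http://youtube.clips.example/video1 302
10.0.0.7 GET http://youtube.player.example/view 200
10.0.0.7 GET http://youtube.player.example/codecsetup.exe 200
10.0.0.9 GET http://cdn.files.example/flash_update.exe 200
10.0.0.7 GET http://cdn.files.example/flash_update.exe 200
""".splitlines()

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(*hit, sep=" | ")
```

The same two signals (brand label outside the brand's own domain, executable download following it) can be expressed as rules in a filtering proxy instead of a log review.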

 
