<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=us-ascii">
<META NAME="Generator" CONTENT="MS Exchange Server version 6.5.7653.38">
<TITLE>FW: ALERT: Virus attacking Myspace and Facebook RE: Weekly Top News Spam</TITLE>
</HEAD>
<BODY>
<!-- Converted from text/rtf format -->
<P><FONT COLOR="#0000FF" SIZE=2 FACE="Arial">Admins... note I have just sent the following out to my staff. You may edit and pass along if you would like.</FONT>
</P>
<P><B><FONT FACE="Arial">Jim Kenzig</FONT></B>
<BR><B><FONT FACE="Arial">Network Manager</FONT></B>
<BR><B><FONT FACE="Arial">Cuyahoga County Public Library</FONT></B>
</P>
<BR>
<P><FONT SIZE=1 FACE="Tahoma">______________________________________________ </FONT>
</P>
<BR>
<P><FONT SIZE=4 FACE="Times New Roman">We have received hundreds of notifications from Trend today blocking viruses. I have determined that apparently it is the same type of attack the Weekly top news emails use and it is coming mostly from Myspace and Facebook pages. This is a tough one to block because those two sites are probably the highest used ones in the library. (Below is a description of how the Virus works.) </FONT> </P>
<P><U><B><FONT SIZE=4 FACE="Times New Roman">Staff should use caution when going on Facebook or Myspace from staff systems and continue to delete the Weekly top news emails. Also avoid the temptation to follow links in unsolicited emails</FONT></B></U><B></B><FONT SIZE=4 FACE="Times New Roman">. </FONT><FONT COLOR="#0000FF" SIZE=4 FACE="Times New Roman">Web pages suggesting you download an update to flash or any other plugin for that matter should not be clicked on and avoided. Remember ITD installs updates automatically when necessary and only after they are tested in our environment. </FONT></P>
<P><FONT SIZE=4 FACE="Times New Roman"></FONT><B> <FONT COLOR="#FF0000" SIZE=4 FACE="Times New Roman">If patrons are getting virus notification popups while on Myspace or Facebook and notify you then this is most likely why and the Dell public computer with the problem should be immediately rebooted if possible</FONT></B><FONT COLOR="#FF0000" SIZE=4 FACE="Times New Roman">.</FONT> </P>
<P><FONT SIZE=4 FACE="Times New Roman">There is also a very realistic popup going around from many sites that states you have a virus and need to install Antivirus 2009(aka Antivirus2009), they look like Microsoft prompts. There is no such program with just that name and it will install spyware on your system! Avoid clicking on these links. (note don't confuse this with Kaspersky Antivirus 2009 which IS a valid real program)</FONT></P>
<P><FONT SIZE=4 FACE="Times New Roman">Sorry this is so long, thanks for reading.</FONT>
<BR><FONT SIZE=4 FACE="Times New Roman">Thanks,<BR>
Jim Kenzig<BR>
Network Manager</FONT>
<BR><B><FONT SIZE=4 FACE="Times New Roman">New worms target both MySpace and Facebook users</FONT></B>
<BR><B></B><A HREF="http://www.kaspersky.com/news?id=207575670"><B></B><B><U><FONT COLOR="#0000FF" SIZE=4 FACE="Times New Roman">http://www.kaspersky.com/news?id=207575670</FONT></U></B><B></B></A><B></B>
<BR><FONT FACE="Times New Roman">Kaspersky Lab, a leading developer of secure content management systems, has detected two variants of a new worm, Net-Worm.Win32.Koobface.a. and Net-Worm.Win32.Koobface.b, which attack MySpace and Facebook respectively. As part of their malicious payload, the worms transform victim machines into zombie computers to form botnets.</FONT></P>
<P><FONT FACE="Times New Roman">Even though the worms are currently only infecting MySpace and Facebook users, Kaspersky Lab analysts are warning users that the worms are designed to upload additional malicious modules with other functionality via the Internet. It is highly probable that victim machines will not only be used for spreading links via these social networking sites, but the botnets will also be used for other malicious purposes.</FONT></P>
<P><FONT FACE="Times New Roman">Net-Worm.Win32.Koobface.a spreads when a user accesses his/her MySpace account. The worm creates a range of commentaries to friends' accounts. Net-Worm.Win32.Koobface.b, which targets Facebook users, creates spam messages and sends them to the infected users' friends via the Facebook site. The messages and comments include texts such as<I> Paris Hilton Tosses Dwarf On The Street; Examiners Caught Downloading Grades From The Internet; Hello; You must see it!!! LOL. My friend catched you on hidden cam; Is it really celebrity? Funny Moments</I> and many others.</FONT></P>
<P><FONT FACE="Times New Roman">Messages and comments on MySpace and Facebook include links to </FONT><A HREF="http://youtube.[skip].pl"><U><FONT COLOR="#0000FF" FACE="Times New Roman">http://youtube.[skip].pl</FONT></U></A><FONT FACE="Times New Roman">. If the user clicks on this link, s/he is redirected to </FONT><A HREF="http://youtube.[skip].ru"><U><FONT COLOR="#0000FF" FACE="Times New Roman">http://youtube.[skip].ru</FONT></U></A><FONT FACE="Times New Roman">, a site which purportedly contains a video clip. If the user tries to watch it, a message appears saying that s/he needs the latest version of Flash Player in order to watch the clip. However, instead of the latest version of Flash Player, a file called codecsetup.exe is downloaded to the victim machine; this file is also a network worm. The result is that users who have come to the site via Facebook will have the MySpace worm downloaded to their machines, and vice versa.</FONT></P>
<P><FONT FACE="Times New Roman">“Unfortunately, users are very trusting of messages left by 'friends' on social networking sites. So the likelihood of a user clicking on a link like this is very high”, says Alexander Gostev, Senior Virus Analyst at Kaspersky Lab. “At the beginning of 2008 </FONT><A HREF="http://www.viruslist.com/en/analysis?pubid=204791987"><U><FONT COLOR="#0000FF" FACE="Times New Roman">we predicted that we'd see an increase in cybercriminals exploiting MySpace, Facebook and similar sites</FONT></U></A><FONT FACE="Times New Roman">, and we're now seeing evidence of this. I'm sure that this is simply the first step, and that virus writers will continue to target these resources with increased intensity”.</FONT></P>
<BR>
<BR>
<P><FONT SIZE=1 FACE="Tahoma">_____________________________________________ </FONT>
<BR><B><FONT SIZE=1 FACE="Tahoma">From: </FONT></B>
<BR><B><FONT SIZE=1 FACE="Tahoma">Sent: </FONT></B> <FONT SIZE=1 FACE="Tahoma">Monday, August 18, 2008 9:27 AM</FONT>
<BR><B><FONT SIZE=1 FACE="Tahoma">To: </FONT></B> <FONT SIZE=1 FACE="Tahoma">All-Mailer</FONT>
<BR><B><FONT SIZE=1 FACE="Tahoma">Subject: </FONT></B> <FONT SIZE=1 FACE="Tahoma">Weekly Top News Spam</FONT>
</P>
<P><FONT FACE="Calibri">There has been a lot of spam coming with the Subject line Weekly Top News and a line it about some crazy type of news story. If you click the link it will try and install spyware on your computer. Please just mark these messages as spam and delete these messages and do not follow the link. </FONT></P>
<P><FONT FACE="Calibri">Thanks,</FONT>
<BR><FONT SIZE=2 FACE="Arial">Jim Kenzig</FONT><BR>
<FONT SIZE=2 FACE="Arial">Network Manager</FONT><BR>
<FONT SIZE=2 FACE="Arial">Cuyahoga County Public Library</FONT><BR>
<FONT SIZE=2 FACE="Arial">jkenzig@cuyahogalibrary.org</FONT><BR>
<FONT SIZE=2 FACE="Arial">216-749-9389</FONT><FONT FACE="Arial"> </FONT>
</P>
<BR>
<BR>
</BODY>
</HTML>