[OPLINTECH] FW: ALERT: Virus attacking Myspace and Facebook RE: Weekly Top News Spam

JKENZIG JKENZIG at cuyahogalibrary.org
Tue Aug 19 22:21:24 EDT 2008 

Admins... note I have just sent the following out to my staff. You may
edit and pass along if you would like.

Jim Kenzig
Network Manager
Cuyahoga County Public Library


> ______________________________________________ 
> 
> 
> We have received hundreds of notifications from Trend today blocking
> viruses.  I have determined that apparently it is the same type of
> attack the Weekly top news emails use and it is coming mostly from
> Myspace and Facebook pages. This is a tough one to block because those
> two sites are probably the highest used ones in the library.  (Below
> is a description of how the Virus works.)  
> Staff should use caution when going on Facebook or Myspace from staff
> systems and continue to delete the Weekly top news emails. Also avoid
> the temptation to follow links in unsolicited emails.  Web pages
> suggesting you download an update to flash or any other plugin for
> that matter should not be clicked on and avoided.  Remember ITD
> installs updates automatically when necessary and only after they are
> tested in our environment. 
>  If patrons are getting virus notification popups while on Myspace or
> Facebook and notify you then this is most likely why and the Dell
> public computer with the problem should be immediately rebooted if
> possible. 
> There is also a very realistic popup going around from many sites that
> states you have a virus and need to install Antivirus 2009(aka
> Antivirus2009), they look like Microsoft prompts. There is no such
> program with just that name and it will install spyware on your
> system! Avoid clicking on these links. (note don't confuse this with
> Kaspersky Antivirus 2009 which IS a valid real program)
> Sorry this is so long, thanks for reading.
> Thanks,
> Jim Kenzig
> Network Manager
> New worms target both MySpace and Facebook users
> http://www.kaspersky.com/news?id=207575670
> Kaspersky Lab, a leading developer of secure content management
> systems, has detected two variants of a new worm,
> Net-Worm.Win32.Koobface.a. and Net-Worm.Win32.Koobface.b, which attack
> MySpace and Facebook respectively. As part of their malicious payload,
> the worms transform victim machines into zombie computers to form
> botnets.
> Even though the worms are currently only infecting MySpace and
> Facebook users, Kaspersky Lab analysts are warning users that the
> worms are designed to upload additional malicious modules with other
> functionality via the Internet. It is highly probable that victim
> machines will not only be used for spreading links via these social
> networking sites, but the botnets will also be used for other
> malicious purposes.
> Net-Worm.Win32.Koobface.a spreads when a user accesses his/her MySpace
> account. The worm creates a range of commentaries to friends'
> accounts. Net-Worm.Win32.Koobface.b, which targets Facebook users,
> creates spam messages and sends them to the infected users' friends
> via the Facebook site. The messages and comments include texts such as
> Paris Hilton Tosses Dwarf On The Street; Examiners Caught Downloading
> Grades From The Internet; Hello; You must see it!!! LOL. My friend
> catched you on hidden cam; Is it really celebrity? Funny Moments and
> many others.
> Messages and comments on MySpace and Facebook include links to
> http://youtube.[skip].pl. If the user clicks on this link, s/he is
> redirected to http://youtube.[skip].ru, a site which purportedly
> contains a video clip. If the user tries to watch it, a message
> appears saying that s/he needs the latest version of Flash Player in
> order to watch the clip. However, instead of the latest version of
> Flash Player, a file called codecsetup.exe is downloaded to the victim
> machine; this file is also a network worm. The result is that users
> who have come to the site via Facebook will have the MySpace worm
> downloaded to their machines, and vice versa.
> "Unfortunately, users are very trusting of messages left by 'friends'
> on social networking sites. So the likelihood of a user clicking on a
> link like this is very high", says Alexander Gostev, Senior Virus
> Analyst at Kaspersky Lab. "At the beginning of 2008 we predicted that
> we'd see an increase in cybercriminals exploiting MySpace, Facebook
> and similar sites
> <http://www.viruslist.com/en/analysis?pubid=204791987> , and we're now
> seeing evidence of this. I'm sure that this is simply the first step,
> and that virus writers will continue to target these resources with
> increased intensity".
> 
> 
> 
> _____________________________________________ 
> From: 	
> Sent:	Monday, August 18, 2008 9:27 AM
> To:	All-Mailer
> Subject:	Weekly Top News Spam
> 
> There has been a lot of spam coming with the Subject line Weekly Top
> News and a line it about some crazy type of news story.  If you click
> the link it will try and install spyware on your computer.  Please
> just mark these messages as spam and delete these messages and do not
> follow the link. 
> 
> Thanks,
> Jim Kenzig
> Network Manager
> Cuyahoga County Public Library
> jkenzig at cuyahogalibrary.org
> 216-749-9389 
> 
> 
> 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.oplin.org/pipermail/oplintech/attachments/20080819/0ecba261/attachment-0001.html

More information about the OPLINTECH mailing list