New Facebook worms are circulating in-the-wild
Trend is warning of new Facebook malware attacks circulating in-the-wild
Users of any social networking environment environment should be cautious as malware based atttacks have been actively circulating in Facebook, MySpace, etc. Social networking sites provide for human-to-human electronic contact and in most cases it will be among trusted friends.
Folks still need to be careful in these environments in their trust of strangers and in sharing any personal information. Secondly, they need to mostly stay with exchanges of text, and avoid any URLs or files offered as much as possible. This includes even their trusted friends, (esp. unusual or out-of-character messages, files, or links) -- as their PCs could be infected.
Worms Wriggling Their Way Through Facebook
QUOTE: Trend Micro has flagged two malware with a type that is slowly and steadily making itself get noticed: worms, and the most notable to date are WORM_KOOBFACE.E and WORM_KOOBFACE.D. One may recall that both worms are unique since these take advantage of user interactivity, an awesome Web 2.0-borne feature, by making this a part of the whole propagation chain.
Somewhere between their execution on the affected system to their possible deletion from it, these worms search for a string or set of strings in cookie files related to the popular social-networking site Facebook. Once a match is found, these worms then access the user’s profile using the credentials from the cookies to add links pointing to a copy of itself in the affected user’s profile for virtually anyone to find and click on to download.
Infected users therefore put their frequent profile visitors (who might be more than willing to click on the link since it appears to be a new profile update that they haven’t checked out yet) in harm’s way, along with virtually anyone who stumbles upon the infected profile and clicks on the offending link.
New Koobface worms attack Facebook environment
Koobface worms - Trend Behavioral Analysis
QUOTE: This worm may be downloaded from the Internet. Upon execution, it drops a copy of itself. It displays a message box to trick users into thinking that it did not execute properly. It accesses the Google Web site to check for an Internet connection. It creates a registry entry to enable its automatic execution at every system startup. It also drops non-malicious files.
This worm checks if the user has visited the social networking Web site Facebook by searching for cookies with a certain string. If it finds the said string, it adds links to the affected user's profile that points to a copy of this worm. It deletes itself if no cookies that refer to Facebook are found. It connects to a certain Web site to send and receive information.
Facebook - Fastest Growing Network
Facebook Social Networking Environment - An Overview