Debunking email hoaxes and exposing Internet scams since 2003!


Hoax-Slayer Logo Hoax-Slayer Logo

DividerDivider
Home    About    New Articles    RSS Feed    Subscriptions    Contact
DividerDivider
Bookmark and Share









Issue 100 - March 2010 - Page 17

Pages in this month's issue:
  1. Costa Rica Turtle Egg Harvest Protest Email
  2. Gordon Lightfoot Death Hoax
  3. Automation Labs Facebook Privacy Warning Hoax
  4. Indian Department of Revenue Tax Refund Scam
  5. Maroochydore High School Answering Machine Message Hoax
  6. National Health Anti-Fraud Association Complaint Scam Email
  7. Boy Shot By Step Dad Charity Hoax
  8. Facebook Gold Account Hoaxes
  9. Bank of America Software Upgrade Phishing Scam
  10. Immigration Quote Wrongly Attributed to Sir Edmund Barton
  11. False Rumours Claim That Facebook is About to Start Charging User
  12. Gordon Brown Smiling Virus Hoax
  13. Giant George - Huge Great Dane
  14. Craigslist Account Phishing Scam
  15. ATO Cut Off Taxes Program Phishing Scam Email
  16. Mercedes-Benz Test Questions Advance Fee Scam
  17. Check Out YouTube Request - Facebook Trojan Worm Warning

Issue 100 Start Menu

Previous Article

Check Out YouTube Request - Facebook Trojan Worm Warning

Outline
Message circulating on Facebook warns users not to open a request to check out a YouTube video because it contains a "trojan worm" that can shut down the infected computer and steal personal information.



Brief Analysis
Security threats like the one described do exist. Internet criminals commonly spread malware via links that claim to open YouTube videos or other material. The warning is valid in the sense that Facebook users should certainly be cautious of blindly following links in messages even if they appear to come from friends. However, because this warning is quite narrowly focused, and also somewhat inaccurate, it is probably not the most effective method of spreading information about potential security threats of this nature.

Examples:
ATTENTION

ALL: IF YOU GET A REQUEST FROM ME OR ANY FRIEND TO CHECKOUT 'YOUTUBE' AND IT LOOKS LIKE FACEBOOK DO NOT OPEN IT. IT IS A TROJAN WORM AND WILL INFECT AND SHUTDOWN YOUR COMPUTER AND TAKE ALL YOUR PERSONAL INFO. ITIS TRAVELING AROUND FACEBOOK RAPIDLY. YOUR FRIENDS DID NOT SEND IT!



Detailed Analysis
This rather breathless warning is circulating quite rapidly around popular social networking website Facebook. The message warns Facebook users to watch out for requests that look like they have come from their Facebook friends that tell them to check out a YouTube video. According to the message, following the link to the bogus YouTube page can result in a "trojan worm" being installed that can steal all of the user's personal information and shut down the infected computer.

The warning does have a degree of validity in that it provides a rudimentary, if somewhat inaccurate, description of one of many potential security threats that regularly target Facebook users. Internet criminals certainly do use tactics such as sending out fake requests or invitations that link to sites that harbour worms and trojans. Moreover, many worms use address spoofing so that it appears that the bogus messages have been sent by friends of the recipient. If a recipient believes that the bogus message is from a friend, he or she may well be more likely to follow links or open attachments that come with the message. And, scammers often disguise such malware messages so that they closely resemble genuine notifications from online services such as Facebook.

During 2009, a strain of the notorious Koobface worm was distributed that used tactics similar to those described in the warning message. This worm, which targeted users of Facebook, MySpace, Bebo, and other social networking websites, sent out messages that invited recipients to click a link to view a video. Those who clicked the link were taken to a bogus website that claimed that they must update the Adobe Flash Player plugin in their browser before they could view the video. However, the supposed plugin update actually installed a worm that could login to the user's social networking accounts via information stored in cookies and automatically send more bogus invitations to the user's friends. Alternative strains of Koobface that employ other tactics continue to target Facebook users as do many other malware threats.

Given that they have proved to be a very successful method of distributing malware, Internet criminals are likely to continually reuse tactics such as sending out fake invitations and requests that contain links to malicious websites.

Thus, in a general sense, the warning does contain a valid point. Facebook users should certainly be aware that some seemingly innocent messages that appear to come from friends may well link to malicious websites. That said, in its current form, the warning message is perhaps a little too narrowly focused and inaccurate to be of much use. The warning focuses on only one malware distribution tactic, that of bogus messages that supposedly link to a YouTube video. As noted, versions of Koobface have used tactics quite similar to this. However, there is no indication that this Koobface variant shut down the infected computer. In fact, since the goal of those distributing Koobface is to spread the threat even further via already infected computers, they would certainly not configure the malware to shut down those computers. And, since that particular attack, there have been a number of other attacks on Facebook users that use significantly different methods of tricking recipients into installing malware. In fact, such attacks are virtually continuous and constantly changing.

Thus, the wide distribution of a message that warns of only one attack vector among many may well be counterproductive. Rather than sending on a redundant warning that invokes a quite unnecessary sense of urgency regarding one particular malware distribution tactic, computer users would be better to ensure that their friends are aware of such threats in general terms. Armed with a more general overview of the many tactics and ruses used to distribute malware, computer users will be much better equipped to recognize and avoid a large variety of computer security threats.

Bookmark and Share

References:
Koobface variant worms across social networking sites

Previous Article

Issue 100 Start Menu

Pages in this month's issue:
  1. Costa Rica Turtle Egg Harvest Protest Email
  2. Gordon Lightfoot Death Hoax
  3. Automation Labs Facebook Privacy Warning Hoax
  4. Indian Department of Revenue Tax Refund Scam
  5. Maroochydore High School Answering Machine Message Hoax
  6. National Health Anti-Fraud Association Complaint Scam Email
  7. Boy Shot By Step Dad Charity Hoax
  8. Facebook Gold Account Hoaxes
  9. Bank of America Software Upgrade Phishing Scam
  10. Immigration Quote Wrongly Attributed to Sir Edmund Barton
  11. False Rumours Claim That Facebook is About to Start Charging User
  12. Gordon Brown Smiling Virus Hoax
  13. Giant George - Huge Great Dane
  14. Craigslist Account Phishing Scam
  15. ATO Cut Off Taxes Program Phishing Scam Email
  16. Mercedes-Benz Test Questions Advance Fee Scam
  17. Check Out YouTube Request - Facebook Trojan Worm Warning