Debunking email hoaxes and exposing Internet scams since 2003!

Hoax-Slayer Logo Hoax-Slayer Logo

DividerDivider
Home    About    New Articles    RSS Feed    Subscriptions    Contact
DividerDivider
Bookmark and Share









Check Out YouTube Request - Facebook Trojan Worm Warning

Outline
Message circulating on Facebook warns users not to open a request to check out a YouTube video because it contains a "trojan worm" that can shut down the infected computer and steal personal information.



Brief Analysis
Security threats like the one described do exist. Internet criminals commonly spread malware via links that claim to open YouTube videos or other material. The warning is valid in the sense that Facebook users should certainly be cautious of blindly following links in messages even if they appear to come from friends. However, because this warning is quite narrowly focused, and also somewhat inaccurate, it is probably not the most effective method of spreading information about potential security threats of this nature.

Bookmark and Share
Detailed analysis and references below example.



Last updated: 28th February 2010
First published: 28th February 2010
Article written by Brett M. Christensen
About Brett Christensen and Hoax-Slayer


Examples:
ATTENTION

ALL: IF YOU GET A REQUEST FROM ME OR ANY FRIEND TO CHECKOUT 'YOUTUBE' AND IT LOOKS LIKE FACEBOOK DO NOT OPEN IT. IT IS A TROJAN WORM AND WILL INFECT AND SHUTDOWN YOUR COMPUTER AND TAKE ALL YOUR PERSONAL INFO. ITIS TRAVELING AROUND FACEBOOK RAPIDLY. YOUR FRIENDS DID NOT SEND IT!



Detailed Analysis
This rather breathless warning is circulating quite rapidly around popular social networking website Facebook. The message warns Facebook users to watch out for requests that look like they have come from their Facebook friends that tell them to check out a YouTube video. According to the message, following the link to the bogus YouTube page can result in a "trojan worm" being installed that can steal all of the user's personal information and shut down the infected computer.

The warning does have a degree of validity in that it provides a rudimentary, if somewhat inaccurate, description of one of many potential security threats that regularly target Facebook users. Internet criminals certainly do use tactics such as sending out fake requests or invitations that link to sites that harbour worms and trojans. Moreover, many worms use address spoofing so that it appears that the bogus messages have been sent by friends of the recipient. If a recipient believes that the bogus message is from a friend, he or she may well be more likely to follow links or open attachments that come with the message. And, scammers often disguise such malware messages so that they closely resemble genuine notifications from online services such as Facebook.

During 2009, a strain of the notorious Koobface worm was distributed that used tactics similar to those described in the warning message. This worm, which targeted users of Facebook, MySpace, Bebo, and other social networking websites, sent out messages that invited recipients to click a link to view a video. Those who clicked the link were taken to a bogus website that claimed that they must update the Adobe Flash Player plugin in their browser before they could view the video. However, the supposed plugin update actually installed a worm that could login to the user's social networking accounts via information stored in cookies and automatically send more bogus invitations to the user's friends. Alternative strains of Koobface that employ other tactics continue to target Facebook users as do many other malware threats.

Given that they have proved to be a very successful method of distributing malware, Internet criminals are likely to continually reuse tactics such as sending out fake invitations and requests that contain links to malicious websites.

Thus, in a general sense, the warning does contain a valid point. Facebook users should certainly be aware that some seemingly innocent messages that appear to come from friends may well link to malicious websites. That said, in its current form, the warning message is perhaps a little too narrowly focused and inaccurate to be of much use. The warning focuses on only one malware distribution tactic, that of bogus messages that supposedly link to a YouTube video. As noted, versions of Koobface have used tactics quite similar to this. However, there is no indication that this Koobface variant shut down the infected computer. In fact, since the goal of those distributing Koobface is to spread the threat even further via already infected computers, they would certainly not configure the malware to shut down those computers. And, since that particular attack, there have been a number of other attacks on Facebook users that use significantly different methods of tricking recipients into installing malware. In fact, such attacks are virtually continuous and constantly changing.

Thus, the wide distribution of a message that warns of only one attack vector among many may well be counterproductive. Rather than sending on a redundant warning that invokes a quite unnecessary sense of urgency regarding one particular malware distribution tactic, computer users would be better to ensure that their friends are aware of such threats in general terms. Armed with a more general overview of the many tactics and ruses used to distribute malware, computer users will be much better equipped to recognize and avoid a large variety of computer security threats.

Bookmark and Share

References:
Koobface variant worms across social networking sites

Last updated: 28th February 2010
First published: 28th February 2010
Article written by Brett M. Christensen
About Brett Christensen and Hoax-Slayer