Panda Security: Facebook and MySpace users attacked by the Boface.G worm
November 2008 by Panda Security
PandaLabs, Panda Security’s malware detection and analysis laboratory, has detected Boface.G, a new worm that uses the Facebook and MySpace social networks to spread.
This worm posts a link on the infected users’ profile or contacts panel to a fake YouTube video. Alternatively, it sends the infected users’ contacts a private message with the link. When they try to watch the video (which seems to come from one of their friends) they are taken to a web page where they are encouraged to download a Flash Player update to watch it. However, if they do so, they will let a copy of the worm into their computers and will infect of all their contacts.
“Social networks attract millions of users and have become one of cyber-crooks’ favorite ways to spread their malicious creations”, explains Luis Corrons, Technical Director of PandaLabs. “Users of these social networks should try to confirm the origin of these messages before following links or downloading items to their computers”.
According to PandaLabs, one of the two social networks under attack has already taken measures to protect users from this malware. Panda Security users have been protected against this worm at all times.