CS Security Blog » 2009

Social networking viruses

Today, someone “sent me” a link in Facebook for a cool video. Now, I was able to figure out that the link was a virus without getting nailed. For starters, the link had YuoTube intead of YouTube and the subtle graphics for the site were different. My address bar in internet explorer didn’t say www.youtube.com in it, either. Long story short, I put this virus in my sandbox, which is a machine meant for virus to ravage and then I reverse the damage with a quick restore of a backup. This virus was the Koobface virus (it’s facebook rearranged) and has two versions for you MySpace users and for you Facebook users. The payload of the virus allows the virus, within a minute, to modify your computer to stop search engines from sending you to legit links and to silently take you to pages you didn’t click on for ads and more spyware. It is pretty nasty to remove as you can’t go to Symantec, CA, Mcafee, and other virus vendor sites anymore because the virus can tell what you are up to. The virus will then take your facebook or myspace username and password and send out an email, in Facebook or Myspace, encouraging your friends and contacts to click a link to allow the Koobface virus to install on their machines.

Don’t be “that guy” and send viruses to your friends…. Here’s what you do to be safe:

1. Are you expecting an email from a friend in Facebook or MySpace? Does this person normally send you email or do they post on your page? Look at the grammer, look for spelling errors… Does the link they want you to click on go to a site you know and trust like google or youtube? If the link goes to a website with numbers in it, for example, http://127.0.0.1 it probably isn’t legit…. Think before you click a link from a friend as these viruses can raid address books.

2. Did you get infected because you didn’t read number 1 above? Well, change your facebook or myspace password right away. The virus doesn’t immeditaly send an email to your friends and family, which is great, but if it can’t login under your account anymore, you can head off the damage that the virus can bring to friends or business contacts. Did you have credit card numbers or financial website passwords saved? Change those passwords right away, too.

Microsoft Patches:

Three patches for Microsoft Office for Mac and PC, some of the exploits allow a user to gain complete control of your machine… Check out http://update.microsoft.com/microsoftupdate/v6/default.aspx?ln=en-US for updates. Pretty much, sparing the technical detail, if you open an attachment that is a word document or excel spreadsheet and this exploit is included, they will take advantage of your computer for data.

Another exploit involves users that have Microsoft Web Servers using WebDav, which is a type of security on web servers. This exploit allows a hacker to run code against your webserver and it gives them access to be able to have a chance, not guarenteed, but to have a chance to password crack some secured folders… Simply put, if you are not running a Microsoft web server, then don’t worry about this one.

Next, if you have a computer on a domain (server environment) you will want to follow the link above in the first paragraph to get patches…. A hacker or automated program from an email can push code to your computer to gain complete control of your machine by pretending to be a server. This is important to patch and you will have no worries if you knock this out right away. Other patches include smaller issues that gain partial or some limited access to files on your computer.

Finally, Internet Explorer has some major updates that prevent a hacker or automated program from gaining control of your computer… That pretty much concludes patches for all major Microsoft applications.

Adobe Acrobat

Intresting enough, Adobe has another major patch for people who use Adobe Acrobat reader and regular Acrobat. Check out http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Windows for Windows updates and http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Macintosh for Mac updates for Adobe Acrobat Reader and regular Acrobat. If you use PDF files, you use Acrobat; these patches cover 13 updates and exploits that are ranging from light to critical fixes.