According to TrendLabs Malware blog, a ZLOB variant is being used by cyber criminals in this recent spin on the malware social networking scene. Users of Friendster, a social networking site hugely popular in Asia, may have recently received an email via the site’s internal messaging utility that entices them to view a video.
Users receiving email via Friendster may feel safe since the email arrives within the Friendster zone. However, the email links to an external site. In this particular case, the link is a front for a quick redirection which leads the user to a fake video site. The user cannot view the fake video because he lacks an updated version of the player (in this case, what pretends to be Adobe Flash Player). The name of the site is “YuoTube”–the cybercriminals’ attempt to appear like the legitimate and popular video site, YouTube.
Friendster link scores much on credibility, because it often arrives via messages sent through social networking sites’ internal messaging functionality. The sender will often appear to be one of the user’s contacts; this increases likelihood that users will click on the link.
Malware from WORM_KOOBFACE family (one of the earliest being WORM_KOOBFACE.E, and the latest being WORM_KOOBFACE.AC) specializes in propagating via social networking sites. They propagated mostly in Facebook but have been seen to expand operations to other networking sites like Hi5 and Bebo. These worms have the capacity to hurdle CAPTCHAs.
Users are advised to be wary of unsolicited messages. Also, only download software and software updates from the software vendor’s sites or via auto-update features, not via popups that appear during browsing.
Posts
