Virus hits Facebook and MySpace

[Every Breaking Wave]

Source

A virus has been infecting popular social networking sites MySpace and Facebook, tech experts said Thursday.

On Facebook, the virus is causing email messages to be sent to people on "friends" lists asking them to watch a video supposedly on YouTube. A user has to download what purports to be a plug-in to watch the video.

Tech expert Marc Saltzman said the plug-in is actually a virus.

The bogus email appears to come from a friend, he said.

"Even when you go to the fake site, it has their name and profile picture right on the site, so you really believe it," said Saltzman, a syndicated tech columnist who received several of these emails a few days ago.

"It's affecting what is, arguably, the most popular service among Canadian web surfers. To the best of my knowledge, we haven't really seen a Facebook virus of this magnitude yet," he said.

Security researcher Wayne Blackard said the virus is also infecting MySpace.

"I don't have any specific numbers, but I do expect that it will spread rapidly given the popularity of the social networks," said Blackard of Texas-based TippingPoint Technologies Inc.

On MySpace the virus is being spread when people contact friends.

Blackard said social networking sites are going to become increasingly vulnerable to cyber attacks due to their popularity.

"The implicit trust built into the social circle of friends and the willingness to share information with those in the circle will only the help the social engineering attacks to succeed," he said in an email.

It's difficult to identify the perpetrators, Blackard said, but the intent seems to be to deliver malware such as spam. Then additional malware can be installed to capture "many types of sensitive information," he added.

Facebook, a privately held company based in Palo Alto, Calif., wasn't immediately available for comment on Thursday.

Tech experts say computers must have up-to-date antivirus software to help prevent such attacks.

The virus has been noted by several websites, including Saltzman's blog on MSN, tech blog Pocket-lint and by anti-virus software companies Sophos, Symantec and Kaspersky.

Symantec, maker of Norton AntiVirus software, has identified the fake Flash player update as a trojan called gampass.

"What this trojan does is it tries to steal a person's online gaming credentials," said Marc Fossi, manager of development for security response at Symantec in Calgary.

"What they can do with these stolen gaming accounts is sell them online," he said. "It would steal your user name and password and send it back to whoever is sending this thing out."

Money can be made from selling the account information, which usually includes blocks of playing time, and it can be made from selling coveted characters from certain games, he added.

Fossi said this can happen if a user is trying to log on to a gaming account on his computer and wouldn't affect signing into an XBox Live account.

He also said the same caution that users apply to email attachments is needed on social networking sites.

"I think that people need to treat these social networking programs just like any other website ... Don't give that implicit trust to everything that you see there. You've really got to make sure that your computer is protected."

Anybody else hit by this? I got the message yesterday, but luckily didn't download anything.

 

[bell02+]

I'd hope no one would be fool enough to fall for needing an extra codec or plug-in to see a video on You Tube, but this is myspace we're talking about... (were people do things like make their passwords myspace)

This isn't the first time for a myspace/facebook virus, but it's a shame on how they work by going through your friends.

 

[Every Breaking Wave]

I followed the link originally, but did not download the plug-in. The website imitates YouTube reasonably well; at first I wondered if only a portion of the page had loaded. The website itself purports being called "myspacetube.net", but going by the URL it appears to be based in the Czech Republic.

I've had spam/virus messages on my wall before (which say things like "Get good quality bud!"), but this is the first time I've had a virus message in Facebook Inbox.

If anybody gets these messages, whatever you do, do not click anything on the page. I clicked on "More Info" and a download window popped up, asking me if I wanted to install a codec. The video screen also displays a message saying that the version of Flash Player is out of date and needs to be updated; do not click that either.


I've taken two screenshots of it below, so you can see the similarities to YouTube:

And now I am going to run a virus scan.

 

[flyinglilypad]

Who's stupid enough to read or watch all the stupid crap everyone on your friendlists comes up with anyway?

 

[Every Breaking Wave]

The message that I received in my Inbox said something along the lines of: "Hey! Watch this, you've been caught on a hidden camera! LOL!"

The message seems innocent enough, is from a person on my friendlist, and as you can see from the screenshots I posted earlier, the page even has my friend's name on there. It's a very cleverly crafted virus, as it all seems very innocent. I'm very aware of the risks of spyware/ad-aware/viruses and have as many as four different programs I use to check my computer for infections. It still managed to nearly fool me.

This is just a heads up for everyone; I know most people on here have either Facebook or MySpace, and some people are liable to be fooled.

 

[seb]

Hi guys...i just came accross this forum when i searched for "myspacetube" in google after having the dreaded message from a friend and having accessed the site, i was slightly suspicious, however was still stupid enough to download the codec. I have performed a full scan with norton internet security, but all that it found was a tracking cookie. Is there anything that you guys can recommend? I've updated the scanner already today and can't think of anything else that i can do! Help please.

 

[Every Breaking Wave]

Norton, frankly, isn't the greatest antivirus software out there. I recommend AVG. Also, download and run both "Spybot Search and Destroy" and "Ad-Aware". Make they are all updated too.

 

[bell02+]

Yeah, actually hearing more about it I do agree that it's extremely malicious. Lol, it's like an evil myspace genius trying to sell their anti-virus. Hopefully AVG can remove something like that, because I'm not sure. (As for Norton, I don't know, there is something corrupt about buying anti-virus, but what ever, at least AVG is free)

 

[Every Breaking Wave]

From what I understand, this virus won't shut down your computer or damage your files; to quote the article:

"What this trojan does is it tries to steal a person's online gaming credentials," said Marc Fossi, manager of development for security response at Symantec in Calgary.

"What they can do with these stolen gaming accounts is sell them online," he said. "It would steal your user name and password and send it back to whoever is sending this thing out."

Money can be made from selling the account information, which usually includes blocks of playing time, and it can be made from selling coveted characters from certain games, he added.

Fossi said this can happen if a user is trying to log on to a gaming account on his computer and wouldn't affect signing into an XBox Live account.

 

[seb]

Ok then thanks to you all for your input. I downloaded AVG and S+D and they have not picked anything up. I am not sure if this is a good sign or not, although thinking back, when the "codec" downloaded, an error box appeared, which i took as a sign that all was not well and was when i suspected that i had perhaps downloaded something which i shouldn't have. Could this have meant that perhaps the "virus" did not download correctly?!? I don't know, but i don't have an xbox gaming account which i guess is a good thing, however, if they can enter so many computers on such a widespread scale, surely they would also be after credit card details or passwords to other accounts as well?! Thanks for all and any further feedback

P.S. Anyone else been hit by this?

 

[Every Breaking Wave]

It would depend on what the virus is designed to go after. I'm not an expert on viruses, but I believe that the way this one was designed would take advantage of your log-in information for sites such as partypoker, etc.

 

[I Started A Cult]

I'm glad I have no aboveground social life. I have never caught one of those things, but every time I go onto Mindless Self Indulgence's MySpace I get a script titled MSI.EXE. The people posing as your best buddy trick is pretty common, but this is the first time I've seen it used to spread viruses. Usually, they just use it to sell stuff.

 

[Kat Katraine]

I always run my Norton Anti-Virus quick scan to clean up my pc before I turn it off. Better safe than sorry!

 

[Sketch]

I've been using MySpace a lot these past couple days and I have yet to run into this.

 

[Wonder Happiny]

I'm glad I don't check or even go near my Facebook account!

God, do the people who come up with these viruses have any kind of social lives or human interactions at all?

 

[Sapphyire77x]

I always run my Norton Anti-Virus quick scan to clean up my pc before I turn it off. Better safe than sorry!

Same thing

*hugs Norton*

 

[I Started A Cult]

We've got Norton as well over here. It works quite well.

 

[Burning Bush]

This is nothing new at all, run Firefox with no script and ad block plus installed if you want to stay virus free. As most drive by downloads are done by Java script these days.

 

[Winged Psychic]

I'm glad I don't check or even go near my Facebook account!

God, do the people who come up with these viruses have any kind of social lives or human interactions at all?

If they're trying to steal wow accounts, I guess not.