This entry was posted on Friday, December 5th, 2008 at 10:22 am and is filed under Security Update.
December 5, 2008
It has been reported that a malicious worm has been found on Facebook; although it is not new, it has now been modified to attack social networks. The virus spreads quickly because it appears as a message coming from your friends. It shows up as, for example, “you look good in the video” along with a link to access the video. When you click, a notice appears saying that you need the latest version of Flash Player to view the clip. This tricks the user, and you yourself are the one who ends up downloading the virus. An earlier version of the virus attacked MySpace, but it was eliminated after new security measures were taken. For now, Facebook has said on its Security page that every user should have an up-to-date version of antivirus software on their computer and should change their password if infected. It is also resetting the passwords of those who have already been infected and sending them an email notifying them of the problem.
At present we cannot confirm the number of infected users, but our advice is: do not open unwanted files unless you are sure that your friends actually sent them to you.
Source: TechCrunch
How the message appears:

When a user follows the link, they’re redirected to one of many different compromised hosts, which displays a fake error message that the version of Flash is out of date. Next the user is prompted to download/open flash_player.exe, a new Koobface variant.

If the user chooses to install the executable, a fake error message is displayed.

Facebook is already aware of this threat and is purging the spammed links from their system. But with dozens of Koobface variants known to exist, the situation is likely to get worse before it gets better. It’s important to note that spammed links leading to Koobface are likely to come from infected friends, reminiscent of early mass-mailing worms. The safe-computing practice created more than 10 years ago still applies today, which is not to open any unexpected email attachments, even if they are from someone you know. Only in this context, it must be expanded to the following:
| Do not follow any unexpected hyperlinks you receive over the Web, Email, or IM, even if they are received from someone you know. It’s best to ask for confirmation from the sender; that they intentionally sent such a link. |
| On the other end of hyperlinks, it’s best to install software and updates from the source (such as adobe.com in this case) rather than trusting the content from a third-party website. |
As for the motivations behind this Koobface variant, analysis shows that during infection a proxy server is installed to %ProgramFiles%\tinyproxy\tinyproxy.exe and a service named Security Accounts Manager (SamSs) is created to load the server at startup. This component listens on TCP port 9090 and proxies all HTTP traffic, in particular looking for traffic to Google, Yahoo, MSN, and Live.com for the purpose of hijacking search results. Search terms are directed to find-www.net. This enables ad hijacking and click fraud.
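The host indicators named above (the tinyproxy.exe path, the look-alike Security Accounts Manager service and the TCP 9090 listener) can be checked against a service inventory and `netstat -ano` output. This is an added example, not code from the original post; the sample records, the service name ExampleSvc, the PIDs and the lsass.exe baseline for the genuine service are assumptions.

```python
import re

# Indicators taken from the write-up above.
PROXY_PATH_SUFFIX = r"\tinyproxy\tinyproxy.exe"
PROXY_PORT = 9090
SPOOFED_NAMES = {"samss", "security accounts manager"}
# Assumption (not from the post): the genuine SamSs service runs from lsass.exe.
GENUINE_IMAGE_SUFFIX = r"\lsass.exe"

# Constructed sample data; "ExampleSvc" and the PIDs are placeholders.
SAMPLE_SERVICES = [
    {"name": "SamSs", "display_name": "Security Accounts Manager",
     "image_path": r"C:\WINDOWS\system32\lsass.exe"},
    {"name": "ExampleSvc", "display_name": "Security Accounts Manager",
     "image_path": r'"C:\Program Files\tinyproxy\tinyproxy.exe"'},
]
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       932
  TCP    0.0.0.0:9090           0.0.0.0:0              LISTENING       1844
  UDP    0.0.0.0:500            *:*                                    4
"""

def image_of(image_path):
    """Lower-cased executable path from a service ImagePath, minus quotes and arguments."""
    p = image_path.strip().lower()
    if p.startswith('"'):
        return p[1:].split('"', 1)[0]
    m = re.match(r"(.+?\.exe)\b", p)
    return m.group(1) if m else p

def check_services(services):
    """Flag the proxy binary and any look-alike of the Security Accounts Manager service."""
    findings = []
    for svc in services:
        img = image_of(svc["image_path"])
        if img.endswith(PROXY_PATH_SUFFIX):
            findings.append(("proxy-binary", svc["name"]))
        names = {svc["name"].lower(), svc["display_name"].lower()}
        if names & SPOOFED_NAMES and not img.endswith(GENUINE_IMAGE_SUFFIX):
            findings.append(("samss-masquerade", svc["name"]))
    return findings

def check_listeners(netstat_text):
    """PIDs of TCP listeners on PROXY_PORT in `netstat -ano` output."""
    rows = (line.split() for line in netstat_text.splitlines())
    return [int(f[4]) for f in rows
            if len(f) == 5 and f[0] == "TCP" and f[3] == "LISTENING"
            and f[1].rsplit(":", 1)[-1] == str(PROXY_PORT)]
```

A PID returned by `check_listeners` still has to be mapped to its process image before it is treated as a match, since other software also listens on port 9090.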
read comments (10)
January 27th, 2009 at 11:44 pm
Wow! Thank you very much!
I always wanted to write in my blog something like that. Can I take part of your post to my site?
Of course, I will add backlink?
Sincerely, Your Reader
February 4th, 2009 at 9:56 pm
Interesting post. I really enjoyed it. Thanks again, Vicente
February 4th, 2009 at 10:01 pm
Hi there
If anyone knows or provide..
I need UK VPN account.. (to bypass unblock etc..)
I already have USA vpn account..
I don't want to provide vpn service..
I want to buy and enjoy one..
February 5th, 2009 at 10:04 pm
Your site displays incorrectly in Opera, but content excellent! Thank you for your wise words:)
February 6th, 2009 at 9:16 am
Thank you for sharing. I came to this site to read how things really are
March 11th, 2009 at 1:33 pm
I’m not big on commenting, but nice post.
April 14th, 2009 at 7:41 pm
Incredible site!
April 15th, 2009 at 11:10 am
thanks !! very helpful post!
April 16th, 2009 at 4:05 am
Excellent site, It was pleasant to me.
April 19th, 2009 at 7:58 pm
You have a great blog, I liked it a lot