Worms attack Facebook, MySpace

Panda Security has detected Boface.G, a new worm that uses the Facebook and MySpace social networks to spread.

“Worms are programmes that make copies of themselves in different places on a computer,” says Jeremy Matthews, head of Panda Security’s sub-Saharan operations. “The objective of this type of malware is usually to saturate computers and networks, preventing them from being used.”

The Boface.G worm posts a link on the infected users’ profile or contacts panel to a fake YouTube video. Alternatively, it sends the infected users’ contacts a private message with the link. When they try to watch the video (which seems to come from one of their friends) they are taken to a web page where they are encouraged to download a Flash Player update to watch it. However, if they do so, they will let a copy of the worm into their computers and will infect of all their contacts.

“Social networks attract millions of users and have become one of cyber-crooks’ favourite ways to spread their malicious creations,” says Matthews. “Users of these social networks should try to confirm the origin of these messages before following links or downloading items to their computers”.

According to PandaLabs, one of the two social networks under attack has already taken measures to protect users from this malware. For protection against attacks like these, Facebook and MySpace users are encouraged to have an updated antivirus.

Panda Security