sjb007

Google users could be facing the returm of a worm that first hit Facebook in July.

Researchers at unified threat management vendor Fortinet noticed that a program similar to the Koobface worm had started using the Google Reader and Picasa websites to spread. In the attack. Criminals host images that look like YouTube videos on the Google sites in hopes of tricking victims into downloading malicious Trojan software.

Hackers initially unleashed Koobface in late July, but Facebook's security team soon slowed its spread by blocking the webites that were hosting the malicious Trojan software.

That has prompted the criminals to change tactics, according to Guillaume Lovet, a senior research manager with Fortinet. In this latest attack they have hosted files that appear to be YouTube videos on Picasa and Google Reader and used Facebook to send them to victims.

The links appear safe because they go to Google sites, but once the victim arrives on the Google Reader or Picasa page, he is invited to click on a video or a web link. The victim is then told he needs to download special codec decompression software to view the video. That software is actually a malicious Trojan Horse program, which is blocked by most anti-virus programs, according to Facebook.

Lovet believes the cyber-criminals behind Koobface have deliberately misspelled their Facebook messages to further help them evade detection by filters.

"Sommebody uupload a viideo witth you on utubee. you shuold ese," reads one message.

Lovet has not seen this latest attack use the self-copying worm code that Koobface used last August, but it could easily be added, he said.

Facebook is working with Google to shut down the problem, said Facebook spokesman Barry Schnitt.

Koobface has been a top security concern at Facebook since July. "It's been out there constantly," Schnitt said, "but it's surfaced a little bit more lately."

Full article here - http://www.techworld.com/news/index....&NewsID=106298