Facebook worm steals account passwords

Apparently there is a new (old, but resurfaced) worm out there that spreads through Facebook.

From Computerworld,

[…] the newest Koobface tries to dupe users into clicking on a link that’s included in a message from a friend. Clicking on the link displays a fake error message claiming that Adobe System Inc.’s Flash is out of date, and prompts the user to download an update.

The update is nothing of the sort, but is instead an executable file that installs the Koobface worm.

[…] rifles through a compromised PC, sniffs out browser cookies associated with 10 different social networking sites, uses the usernames and passwords within those cookies to log on to each service, searches for the infected user’s friends and then sends those people messages that include a link to the worm.

It looks for cookies connected to bebo.com, Facebook, Friendster, fubar.com, hi5.com, LiveJournal, MySpace, myYearbook, Netlog and Tagged.

I fully agree with the last statement:

Users need to be very, very careful about what they install when they’re on these [social networking] services,” […] “And they should be careful about how they use social networks and what information they put on them. The criminals are gleaning all the information they can and using it against you.”

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: