That 'Friend' May Be a Worm

By Mike Musgrove
Washington Post Staff Writer
Tuesday, August 26, 2008

If, by chance, you've received a message from a "friend" in the last few days saying that you've been caught on tape, it's not true. Unless you're Paris Hilton.

But no, she's been tossing a dwarf. Okay, not really, but those are just two of the scams Facebook and MySpace users have been hit with recently.

The malicious software attempts to lure users in with messages ranging from "You've been catched on hidden cam" to the one about Hilton tossing a dwarf on the street. The messages contain a link that takes unsuspecting users to a Web page that looks like YouTube. There the page tells visitors that to view the video, they need to click on another link to download and install updated software. Those who fall for the scam are actually installing malicious software.

The worm, called Koobface, turns compromised computers into "zombie" machines that can be used in other types of online attacks. The malicious software may also include keylogger software, which can record a computer user's keystrokes -- and potentially grab passwords when they are entered on a computer.

Alexander Gostev, senior virus analyst at computer security firm Kaspersky Lab, said in a statement that this type of attack could be a successful one for hackers. "Users are very trusting of messages left by 'friends' on social networking sites. So the likelihood of a user clicking on a link like this is very high," he said.

Facebook has also been alerting users to a hoax message claiming that the site is overpopulated and that some accounts soon will be deleted.

Facebook's security page offers a few common-sense suggestions for those worried about security. ("If a link or a message seems weird, don't click on it," is one tip.) The company is still investigating the malware attack, according to a spokesman.

According to research firm Cloudmark, users of social networking sites are reporting a rise in spam. An average of 64 spam attacks have been reported over the last year, and 37 percent of users have noticed an increase in the last six months in unwanted messages.

© 2008 The Washington Post Company