October 28th, 2008

Facebook worm finds a friend in Google Reader

Posted by Ryan Naraine @ 1:09 pm

Categories: Anti Virus, Arbitrary Code Execution, Botnets, Browsers, Exploit code, Facebook, Google, Malware, Social Networking Applications, Spam and Phishing, Spyware and Adware, Viruses and Worms, Web 2.0, Web Applications

Tags: Google Inc., Facebook, Fortinet Inc., Google Reader, Video, Worm, Cyberthreats, Corporate Communications, Phishing, Viruses And Worms

The Facebook worm that has been squirming its way through the popular social network now has a new friend — Google Reader.

According to researchers at Fortinet, the worm’s creators are wrapping Google’s RSS reader around fake video downloads as part of a strategy to strengthen the social engineering component of the attack. From Fortinet’s advisory:

• This “hop” via a Google Reader share serves an essential purpose: it gives the targeted user the feeling that the video is hosted on Google. Thus it must be safe. Combo that with the “it’s a message from a friend” factor, which naturally lowers down users’ wariness shields, and you get quite a good chance of seeing your victim perform the dreaded click.

[ SEE: Web worms squirm through Facebook, MySpace ]

Fortinet researcher Guillaume Lovet believes the cyber-criminals behind the Facebook worms registered Google Reader accounts (either manually, or automatically via phishing operations or automated CAPTCHA solvers) for the sole purpose of loading them with links to malicious sites.

Fake video lures are used to infect Windows machines with rogue security software.

Image source: Jacob Botter’s Flickr photostream (Creative Commons 2.0)