JUser: :_load: Unable to load user with ID: 3286
Wednesday, 29 October 2008 17:42

Google Readers at risk from unsocial Facebook worm

Facebook worms are, sadly, not that uncommon. However, they do all tend to share a common tactic of using a non-existent video requiring a Trojan disguised as a new codec download to work. Now one enterprising scumbag is using Google to leverage trust amongst Facebook victims.

This year we have seen worms in space and worms promising Paris Hilton will toss a dwarf on the street. We have seen worms targeting specific routers and worms aimed at mobile phone operating systems.

We have also seen a fair number of Facebook specific worms which is hardly surprising given the incredible popularity of the social networking phenomenon and the incredible willingness of Facebook users to morph into link clicking idiots.

What we have not seen is any real ingenuity on behalf of the cybercriminals behind these worms, beyond that of coming up with clever and often amusing hook-lines together with appealing sounding non-videos to entrap the unwary.

Until now. Fortinet’s FortiGuard Center tells me it has uncovered a new malicious Facebook worm that uses Google Reader to gain the trust of victims. Sure, a malicious video is still involved and is distributed through the Facebook worm, but this then attempts to socially engineer trust by redirecting out of Facebook and straight onto a Google Reader share site.

It all starts with the Facebook user getting a message on their wall telling them that someone has uploaded a video of them on YouTube that they should see. Actually, why anyone would fall for this from the get go is beyond me if the Fortinet example message is anything to go by.

It says: "Sommebody uupload a viideo wiith you on utubee, you shuold ese."

If you are mug enough to bother clicking on the link that follows you end up at a Google Reader share. Google Reader lets users share news and online content that they have found interesting, both with their circle of friends and the wider general public.

Find out what happens next, and how you can avoid being just another victim of this illiterate malware crook on page 2...


Fortinet reports that "It appears that cyber criminals behind the Facebook worms registered Google Reader accounts (either manually, or automatically via phishing operations or automated CAPTCHA solvers) for the sole purpose of loading them with links to malicious sites."

Click on that video frame which appears within this shared content page and the old redirect to a fake codec download kicks in, with a Trojan-enabled site being the endpoint of this particular game.

So why bother with the addition of the Google Reader layer? Why not just go straight for the video within Facebook needs a new codec jugular? Because people are starting to become aware of the dangers of link clicking this stuff.

Google, however, is seen as a trusted host. If the video is hosted at Google it must be clean, it must be safe, right? Wrong! There is no video, this is just a leveraging of trust layer which, when combined with the 'it started with a note from a friend' factor all adds up to that itchy click trigger finger syndrome.

Guillaume Lovet, Senior Manager at Fortinet’s FortiGuard Global Security Research Team, advises the following ‘Top Five Tips’ to avoid becoming a victim:

Beware of messages with a link inside.
Ask yourself if the message you're reading is from who it claims to be - worms cannot imitate people’s own style of writing.
Be vigilant about video content. Keep in mind that online videos share a very common format, so if you can normally see flicks on YouTube or DailyMotion, you won't ever need any additional plug-in or codec.

Don't browse the Web with a system that's not up-to-date with security updates.

If you have already been fooled by the virus, antivirus protection may very well save you.

Subscribe to ITWIRE UPDATE Newsletter here


The much awaited iTWire Shop is now open to our readers.

Visit the iTWire Shop, a leading destination for stylish accessories, gear & gadgets, lifestyle products and everyday portable office essentials, drones, zoom lenses for smartphones, software and online training.

PLUS Big Brands include: Apple, Lenovo, LG, Samsung, Sennheiser and many more.

Products available for any country.

We hope you enjoy and find value in the much anticipated iTWire Shop.



iTWire TV offers a unique value to the Tech Sector by providing a range of video interviews, news, views and reviews, and also provides the opportunity for vendors to promote your company and your marketing messages.

We work with you to develop the message and conduct the interview or product review in a safe and collaborative way. Unlike other Tech YouTube channels, we create a story around your message and post that on the homepage of ITWire, linking to your message.

In addition, your interview post message can be displayed in up to 7 different post displays on our the iTWire.com site to drive traffic and readers to your video content and downloads. This can be a significant Lead Generation opportunity for your business.

We also provide 3 videos in one recording/sitting if you require so that you have a series of videos to promote to your customers. Your sales team can add your emails to sales collateral and to the footer of their sales and marketing emails.

See the latest in Tech News, Views, Interviews, Reviews, Product Promos and Events. Plus funny videos from our readers and customers.



Share News tips for the iTWire Journalists? Your tip will be anonymous




Guest Opinion

Guest Reviews

Guest Research

Guest Research & Case Studies

Channel News