What we have not seen is any real ingenuity on the part of the cybercriminals behind these worms, beyond that of coming up with clever and often amusing hook-lines together with appealing-sounding non-videos to entrap the unwary.
Until now. Fortinet’s FortiGuard Center tells me it has uncovered a new malicious Facebook worm that uses Google Reader to gain the trust of victims. Sure, a malicious video is still involved and is distributed through the Facebook worm, but this then attempts to socially engineer trust by redirecting out of Facebook and straight onto a Google Reader share site.
It all starts with the Facebook user getting a message on their wall telling them that someone has uploaded a video of them on YouTube that they should see. Actually, why anyone would fall for this from the get-go is beyond me if the Fortinet example message is anything to go by.
It says: "Sommebody uupload a viideo wiith you on utubee, you shuold ese."
If you are mug enough to bother clicking on the link that follows, you end up at a Google Reader share. Google Reader lets users share news and online content that they have found interesting, both with their circle of friends and the wider general public.
Fortinet reports that "It appears that cyber criminals behind the Facebook worms registered Google Reader accounts (either manually, or automatically via phishing operations or automated CAPTCHA solvers) for the sole purpose of loading them with links to malicious sites."
So why bother with the addition of the Google Reader layer? Why not just go straight for the 'video within Facebook needs a new codec' jugular? Because people are starting to become aware of the dangers of clicking on this stuff.
Google, however, is seen as a trusted host. If the video is hosted at Google it must be clean, it must be safe, right? Wrong! There is no video; this is just a leveraging-of-trust layer which, when combined with the 'it started with a note from a friend' factor, all adds up to that itchy click trigger finger syndrome.
Guillaume Lovet, Senior Manager at Fortinet’s FortiGuard Global Security Research Team, advises the following ‘Top Five Tips’ to avoid becoming a victim:
Beware of messages with a link inside.
Ask yourself if the message you're reading is from who it claims to be - worms cannot imitate people’s own style of writing.
Be vigilant about video content. Keep in mind that online videos share a very common format, so if you can normally see flicks on YouTube or DailyMotion, you won't ever need any additional plug-in or codec.
Don't browse the Web with a system that's not up-to-date with security updates.
If you have already been fooled by the virus, antivirus protection may very well save you.