New worm targets Facebook, MySpace

Just because a "friend" sends you something on Facebook or MySpace doesn't mean you should trust it.

A new worm is spreading via Facebook and MySpace, turning victims' computers into zombies on a botnet, Kaspersky Lab said on Friday.

Basically, infected machines are propagating the worm by sending messages via the social networks to friends in the network.

The messages look like they contain links to video clips. When clicked on they prompt the recipient to download an executable file that purports to be the latest version of Flash Player. Instead, it is the worm itself, infecting yet another victim.

When infected machines log onto the social networks the next time their computers automatically send the malicious messages out to new victims grabbed from the friend list, said Ryan Naraine, security evangelist at Kaspersky.

"We've seen these types of worms before, typically around MySpace," he said. "People are more trusting of things they receive from a friend," and many people don't recognize that what they are downloading isn't a legitimate Flash Player file, but a malicious program.

Naraine repeated the refrain that security professionals have been spreading for years: be careful about downloading anything to your computer, even if it appears to come from a friend; and be diligent about applying security patches to your computer.

[internetworld7]

Oh the joys of owning a Mac! I may engage in whatsoever dangerous online activities I feel like. I just love my super secure Mac. ?

[alegr]

If the trojan was written for OS X, and you were tricked into believing that it's Flash update and you need to install it, and it installed into your beloved "secure" OS X, what would you say then?
THis is trojan, it requires human assistance to install. OS X is as much vulnerable to those as Windows. As long as anybody cares to write a trojan for it.

[jake49]

what about the safari virus that crashed mac os x and iphones? No matter what platform you just have to be careful...

[imacpwr]

You ever notice how often cnet carefully DOESN'T mention which operating system is vulnerable...? pssst.. got a hundred bucks that says it's MS again ;)

[davetheant]

of course, but most distros of LINUX can play better games than macs--best to have both.

[thabassman]

lol mac fanboys. While its true, there is no need to get so upset.

[Motyoj]

When clicked on they prompt the recipient to download an executable file that purports to be the latest version of Flash Player.
Being an executable file, this will affect Windows users...It's always advisable to be safe no matter what platform you use.

[Fire Balls]

hmm yeah I want to target a platform that only has 5-10% of the market share at best. lol that would be a very dumb move on anyone's part. Mac security is a joke a much bigger joke then MS I might add. Not only do the patch slower then MS but most users care nothing about the security of their Mac just assuming that it will never be targeted because it is a Mac. There will be a wake up call someday and when that day comes it's not going to be pretty.

[jnork]

Right now over 80% of the malware currently in the wild is targeted at Windows, and it's been that way for over a decade, but Windows users haven't received that wake-up call. If they had, perhaps there wouldn't be such a big market in botnets.

And I dispute your implied assertion that the only reason OS X has a better track record is because nobody targets it. However, I don't intend to discuss it here, it's been done to death elsewhere (http://www.silvermac.com/2008/why-there-are-no-viruses-for-osx/ for example). (And actually I will agree that it's part of the reason.)

But I've got a great idea. Right now your assertion is just smoke; you can't prove it until Mac has as large a market share as Windows. But there's one easy way to prove you're right. All we need is enough people to switch to Apple! All you MS fanbois, go out and buy a Mac -- and use it -- and use it with OS X. Enough of you do that and pretty soon you'll be able to prove your case.

Meantime, I'll sit here and feel all smug and superior because I know you won't put your money where your mouth is. :)

P.S. My Windows machines aren't infected either. Maybe some of use don't need that wake-up call?

[MrTangent]

Imagine the prestige of being the first actual virus author that specifically targets Mac OS X. I'm talking real world infectious virus. Not some proof-of-concept that never exploits real Macs. Now imagine that your flippant 5-10% of the market share equates to 30-50 MILLION users. That's not a small number.

The real reason I believe Macs are not targeted is because quite simply they are more secure. OS X is built on Unix code, specifically FreeBSD (with the Mach kernel). FreeBSD has thirty plus years of security built-in. OS X has proven itself to be extremely secure as well; Apple patches quickly and unlike Microsoft most of the things that affect them are from third-party software and unlike Microsoft there is almost no exploited code. Whereas Microsoft routinely has exploited code. I'll grant them that Vista is a big step forward for security, but if we look at XP and Vista together, they still pale in comparison to OS X from a security standpoint. Your misguided obfuscations of the truth cannot dispute that.

I will agree, however, that Mac users need to start being a little more "paranoid". Mac users should, at minimum, use a virus software of some sort (if for no other reason than they don't propagate viruses to their Windows friends by accidently forwarding emails to them). OS X's permission system (again: Unix) is pretty secure as long as the user isn't logged in as root/admin or using SUDO commands or whatever.

[b_baggins]

Pontificate about the "why" all you want. Meanwhile I will continue to use my "marginal" operating system with less worry than your "popular" one.

[Fire Balls]

hmm yeah I want to target a platform that only has 5-10% of the market share at best. lol that would be a very dumb move on anyone's part. Mac security is a joke a much bigger joke then MS I might add. Not only do the patch slower then MS but most users care nothing about the security of their Mac just assuming that it will never be targeted because it is a Mac. There will be a wake up call someday and when that day comes it's not going to be pretty.

[Fire Balls]

hmm yeah I want to target a platform that only has 5-10% of the market share at best. lol that would be a very dumb move on anyone's part. Mac security is a joke a much bigger joke then MS I might add. Not only do the patch slower then MS but most users care nothing about the security of their Mac just assuming that it will never be targeted because it is a Mac. There will be a wake up call someday and when that day comes it's not going to be pretty.

[shawn1313]

Let this be a lesson to y'all: don't download flash player updates (flash is VERY easy to live without).

[jef5623]

FaceBook and MySpace Should not enter the 7th age of computing like this. They must do some thing about it very quickly..

[azn_maxx300o]

noobs.

[Harrison912]

Thank you for this warning. I use FaceBook and MySpace to socially connect with those I care about keeping safe with my safety and security products.

The safety and security of my personal computer is something I covet since it's the most important tool for my business.

[davetheant]

You guys are great

[necolle13]

I believe I installed the "updated" Flash Player.....what do I need to do to fix this problem? I ran my antivirus last night, and it came back with nothign.....

Thanks in advance!

[sandyviv]

now most of the popular networking sites are preyed on by hackers. no one is safe in the internet. everyone should be careful while opening any suspicious files. myspace and facebook are here for the long run so they should do something to stop this if they dont they will lose users. after reading this i am really thinking twice to visit these sites. not only this is the only problem, i read somewhere that our informations are leaked to third parties or its too easy to get our personal info from these sites. i have now stopped using these sites.

im now in search of new sites which are more secure. and recently i stumbled upon a new site which i think is cool, fun and SECURE. its
http://atflashback.com
if anyone looking for a change from all these go and visit atflashback.com.