Boface Worm’s New Variant Discovered on Facebook

PandaLabs reports that it has discovered a new variant of Boface worm, known as Boface.BJ.worm, which deceives users into buying a bogus antivirus application after persuading them to download malware via Facebook.

After attacking a system through attachments, Internet installations FTP transfer, IRC (Internet Relay Chat) channels, peer-to-peer file sharing or other methods, the worm stays for nearly 4 hours before becoming active. When a user logs-in to the Facebook account, the worm sends a message alongwith a link to the user and his whole network.

If a user clicks on the link, he is taken to an inauthentic page of YouTube that directs him to install a "media player" to view a fictional video. If the user follows instructions, the malware is installed and will open messages saying that the system is attacked and the user needs to purchase an antivirus application.

Luis Corrons, Technical Director, PandaLabs, states that social networks users often trust the messages they get; hence, the number of reads and clicks remains high, as reported by eWeek on May 15, 2009.

He also adds that the rising volume of malware variants circulating on the Internet is because of the hackers' intention to target as many users as possible to raise the monetary returns, as reported by techradar on May 14, 2009.

The number of infections analyzed for this family of warms indicates to an exponential growth rate as high as 1,200% over the past eight months (since October 2008). Around 40% of infections are discovered in the US, while the remaining circulated across several countries.

The firm's estimation reveals that around 1% (2 Million) of all systems scanned by PandaLabs has been attacked by Boface since August 2008.

Security experts have recommended that users should not click on unsolicited links from unfamiliar sources. Luis also adds that apart from the security measures of the social network itself, users need to adopt certain safety and individual privacy basics to avoid falling victim to fraud and to contribute to its dissemination.

Related article: BBC’s Subscriber Mailing List Hacked By Spammers

» SPAMfighter News - 5/27/2009