Google Readers at risk from unsocial Facebook worm

Davey Winder
Wednesday, 29 October 2008 17:42

Your IT - Home IT

Fortinet reports that "It appears that cyber criminals behind the Facebook worms registered Google Reader accounts (either manually, or automatically via phishing operations or automated CAPTCHA solvers) for the sole purpose of loading them with links to malicious sites."

Click on that video frame which appears within this shared content page and the old redirect to a fake codec download kicks in, with a Trojan-enabled site being the endpoint of this particular game.

So why bother with the addition of the Google Reader layer? Why not just go straight for the video within Facebook needs a new codec jugular? Because people are starting to become aware of the dangers of link clicking this stuff.

Google, however, is seen as a trusted host. If the video is hosted at Google it must be clean, it must be safe, right? Wrong! There is no video, this is just a leveraging of trust layer which, when combined with the 'it started with a note from a friend' factor all adds up to that itchy click trigger finger syndrome.

Guillaume Lovet, Senior Manager at Fortinet’s FortiGuard Global Security Research Team, advises the following ‘Top Five Tips’ to avoid becoming a victim:

Beware of messages with a link inside.
 
Ask yourself if the message you're reading is from who it claims to be - worms cannot imitate people’s own style of writing.
 
Be vigilant about video content. Keep in mind that online videos share a very common format, so if you can normally see flicks on YouTube or DailyMotion, you won't ever need any additional plug-in or codec.

Don't browse the Web with a system that's not up-to-date with security updates.

If you have already been fooled by the virus, antivirus protection may very well save you.