Boface.BJ.Worm Uses Facebook to Trick Users
PandaLabs reports the discovery of Boface worm variant No. 56, called the Boface.BJ.worm, which tricks users into purchasing a fake anti-virus application after convincing them to download and install malware via Facebook. Some 1 percent of all computers scanned by the Panda ActiveScan online scanner have been infected with Boface since August 2008.PandaLabs announced May 14 that has uncovered a variant of the Boface worm known as the Boface.BJ.worm that uses Facebook to trick users into purchasing fake anti-virus software. The malware analysis and detection laboratory, run by Panda Security, estimates that roughly 2 million Facebook users could be infected with the worm, which is variant No. 56 of the Boface family of worms. The worm downloads and installs rogue anti-malware using the popular social networking site, then convinces users they need to buy a fake anti-virus application.
After infecting a computer via attachments, Internet downloads, FTP transfers, IRC (Internet Relay Chat) channels, peer-to-peer file sharing or other means, the worm waits for approximately 4 hours before activating. At that point, when a user logs in to the Facebook account, the worm sends a message with a link to that user and to his or her entire network.
- Don't click suspicious links from nontrusted sources. "This should apply to messages received through Facebook, through other social networks and even via e-mail."
- If you do click on a suspicious link, check the target page carefully. Don't recognize it? Close your browser. Posthaste.
- Don't accept downloads from a suspicious target page.
- If you do head to a suspicious target page, click on the link, accept a download and start receiving multiple infection messages, remember that this is most likely a fraud.
- Make sure your computer is secure as a matter of course.