Illustration - Host Intruder

Santa leaving viral lump of coal on Facebook


Virus pretends to be a Santa or Christmas video but spreads Koobface Variant

Panda Security, developers of computer security software, are reporting a Facebook virus that posts a ***SantA*** message on your wall. Click it and you are infected.

Aren’t we all getting a little sick of this virus thing? We have virus checkers on our computers but that’s not enough. When the site we visit, like Facebook, is not secure we are at risk. Even then, the devils can get us. We were attacked a month ago with a virus that infected the browser cache and hopped between Firefox sessions. How’s that for obscure ways to get infected?

Panda Labs notice

Facebook Users’ Holiday Spirit Target of New Koobface Variant, Reports PandaLabs

  • Variant spreads on Facebook through Christmas greeting card video
  • Attack follows years of continued exploitation of the holiday season by cybercriminals

Cybercriminals are capitalizing on the Christmas holiday in a new Facebook scam that renders users’ computers useless, reports PandaLabs, Panda Security’s malware analysis and detection laboratory.

Following the posting of malicious links on Facebook users’ walls, the bait directs to a fake embedded video player that poses as a Christmas greeting. When users try to play the video or click on a link on the page, their computers download and install a variant of the well-known Koobface worm, Koobface.GK. An image of the scam is available at http://www.flickr.com/photos/panda_security/4166135978/.

After the virus is installed on a computer, a captcha is displayed that threatens to reboot the computer within three minutes. Although nothing happens after three minutes, the computer is rendered useless. Every time a user enters the captcha text, Koobface.GK registers a new domain where the infection files are hosted, facilitating the worm’s continued distribution. For an image of the captcha, visit http://www.flickr.com/photos/panda_security/4166136042/.

“Social networks have become one of the popular entry points used by hackers to spread their creations, due to the false sense of security many users have regarding the content published on these networks,” says Luis Corrons, technical director of PandaLabs. “Users generally trust the messages and content they receive, and consequently hackers get a high level of response through these channels.”

Christmas: Cybercriminals’ favorite time of year

The latest attack takes advantage of an increase in Internet users sending Christmas greeting cards to their family and friends. It follows continued attention from cybercriminals on the holiday season, with Christmas-themed malware that is created year after year.

Examples of Christmas-specific malware first appearing in past holiday seasons include:

  1. ZafilD, 2002: Although this worm appeared several years ago, it is still distributed through e-mails that use Christmas greetings as bait. It opens a port on the infected computer without users’ knowledge and downloads another Trojan.
  2. MerryX.A, 2005. MerryX.A infected users’ computers in a Christmas greetings e-mail with an attachment, which was really a Trojan designed to capture keystrokes and steal information. A photo is available at http://www.flickr.com/photos/panda_security/4165379077/. This Trojan managed to infect more than 50,000 Internet users in only one week. For more information, visit http://www.pandasecurity.com/homeusers/security-info/101654/MerryX.A.
  3. The Navidad (Christmas in Spanish), 2007. This malware family has numerous variants. These astute worms are difficult to detect because they reach computers in the form of an e-mail reply, which has previously been sent to another (infected) recipient. The message includes the Navidad.exe file, which infects computers when run.

To stay safe on social networks, PandaLabs recommends Internet users do the following:

1) Don’t click suspicious links from non-trusted sources. This should apply to messages received through Facebook, other social networks and even via e-mail.

2) If you click on links, check the target URL. If you don’t recognize it, close your browser.

3) Even if you don’t see anything strange on the target URL page but are asked to download something, don’t accept.

4) If you do download or install an executable file and the PC starts to launch messages, there is probably malware on your computer.

5) As a general rule, make sure your computer is well protected to ensure you are not exposed to the risk of infection from any malicious code. You can protect yourself by downloading Panda Security’s new free Panda Cloud Antivirus solution at http://www.cloudantivirus.com.