Base on the report there is a new worms spreading on Facebook and making use of links to pages hosted on popular Google services like Google Reader or Picasa Web Albums in order to bypass security filters and reduce user suspicions. The general propagation of malware, which circulates around Facebook, is based on social engineering techniques. The worm uses the Facebook accounts accessed from the infected computer in order to send a message to all the friends registered for each account. The message encourages users to watch a video file hosted on an external URL. Clicking on the URL takes the users to an image faking an embedded video. Clicking the image to start the video will result in an ActiveX prompt that asks users to install a fake video codec, which is actually a Trojan.
The website administrators had a hard time stopping it, but after significant efforts, they succeeded in slowing it down. They achieved this by implementing security filters, which blocked the external URLs the worm used to spam. Then, the attackers tried to bypass the filters by hosting the links on services like TinyURL or Bloglines and it looks like they’ve hit big lately by using links hosted on Google’s Reader and Picasa services.
Related posts:
