Panda IDs Facebook worm

Johannesburg, 15 May 2009

The Boface.BJ.worm, the 56th variant of a family of worms that uses Facebook to download and install a fake anti-virus, has been identified, according to Panda Security.

The company says worms are designed to use Facebook largely because of its global popularity, with a reach of approximately 200 million users.

An online Panda ActiveScan shows that 1% of computers scanned were infected by a variant of Boface between August 2008 and April this year.

“Extrapolating this data in line with the number of Facebook users, we arrive at a figure of 2 million users that could be infected,” says Jeremy Matthews, head of Panda's sub-Saharan operations. “The increasing number of variants in circulation is due to the aim of cyber-crooks to infect as many users as possible and therefore boost their financial returns.”

Panda Security notes that comparing infection figures from August 2008 with those in April 2009 indicates an exponential infection growth rate as high has 1 200%. The company forecasts quarterly growth of over 100% for the current year.

According to Panda, infections happen through e-mail messages with attachments, Internet downloads, files transferred via FTP, IRC channels and P2P file-sharing networks. Once an infected user logs into Facebook, a message is sent to all their 'friends' with a link to click on.

The company explains that this link takes people to a fake YouTube page (called “YuoTube”) where they are prompted to download a media player. If they accept, the virus is downloaded and installed and users are told they have been infected with a virus and need to buy an anti-virus solution.

“Users of social networks like this normally trust the messages they receive, so the number of reads and clicks is often very high,” says Matthews.

To prevent this type of fraud, Panda Security advises users not to click on suspicious links from non-trusted sources and if they do follow links, to check that the target page is legitimate. In addition, Panda warns users not to accept if they are prompted to download something they did not intend to.