Security Alert for Social Networking Sites: LJ and Facebook

As they said on Hill Street Blues, “Be careful out there.”

US-CERT is aware of public reports of malicious code spreading via popular social networking sites including,,,,,, and The reports indicate that the malware, named Koobface, is spreading through invitations from a user’s contact that include a link to view a video. If the users click on the link in this invitation, they are prompted to update Adobe Flash Player. This update is not a legitimate Adobe Flash Player update; it is malicious code.

Additionally, some of the reports indicate that there are multiple bogus Facebook applications being used to obtain users’ private information.

US-CERT encourages users and administrators to do the following to help mitigate the risks:

* Install antivirus software and keep the virus signature files up to date.
* Do not follow unsolicited links.
* Use caution when downloading and installing applications.
* Obtain software applications and updates directly from the vendor’s website.
* Refer to the Staying Safe on Social Networking Sites document for more information on safe use of social networking sites.
* Refer to the Avoiding Social Engineering and Phishing Attacks document for more information on social engineering attacks.

For more information: