Security Alert for Social Networking Sites: LJ and Facebook

As they said on Hill Street Blues, “Be careful out there.”

US-CERT is aware of public reports of malicious code spreading via popular social networking sites including myspace.com, facebook.com, hi5.com, friendster.com, myyearbook.com, bebo.com, and livejournal.com. The reports indicate that the malware, named Koobface, is spreading through invitations from a user’s contact that include a link to view a video. If the users click on the link in this invitation, they are prompted to update Adobe Flash Player. This update is not a legitimate Adobe Flash Player update; it is malicious code.

Additionally, some of the reports indicate that there are multiple bogus Facebook applications being used to obtain users’ private information.

US-CERT encourages users and administrators to do the following to help mitigate the risks:

* Install antivirus software and keep the virus signature files up to date.
* Do not follow unsolicited links.
* Use caution when downloading and installing applications.
* Obtain software applications and updates directly from the vendor’s website.
* Refer to the Staying Safe on Social Networking Sites document for more information on safe use of social networking sites.
* Refer to the Avoiding Social Engineering and Phishing Attacks document for more information on social engineering attacks.

For more information: http://www.us-cert.gov/
