PandaLabs has detected Boface.G, a new worm that uses the Facebook and MySpace social networks to spread. The Boface.G worm posts a link to a fake YouTube video on infected users’ profiles or contacts panels. Alternatively, it sends the infected users’ contacts a private message with the link. When users try to watch the video (which appears to come from one of their friends), they are taken to a web page where they are encouraged to download a Flash Player update. However, if they do so, they will give the worm access to their computers, and it will go on to infect all their contacts.
According to PandaLabs, one of the two social networks under attack has already taken measures to protect users from this malware. It is recommended that all users of these social networks take the following precautions to protect themselves against this malicious worm:
- Install a security solution with proactive technologies on the computer. This way, you will be protected against malicious code that spreads through these networks, even if no previous attack has been launched.
- Keep the computer up-to-date: Users must be aware of and resolve all the vulnerabilities that affect the programs installed on the computer.
- Don’t share confidential information: If you access forums and chats to exchange information, talk, etc., remember not to provide confidential information (email addresses, credentials, etc.).
- Teach children: Children must know which information they can share and which they cannot. To do so, parents must know the social networks their children access and teach them the correct and safe way of playing.
- Only provide the information necessary in the profiles: When creating user profiles, only provide the information necessary. If the site requests private data such as an email address, select the option to prevent other users from seeing the information, to ensure no users other than yourself and the administrator can access your data.
- Report crimes: If you observe inappropriate or criminal behavior (attempts to contact children, inappropriate photos, modified profiles, etc.), you must inform the social network administrators.