
New Facebook worm spotted

New security threat to Facebook users from messages posted on ‘comment wall’ feature

A second worm is targeting Facebook users, according to security company Sophos.

The new worm posts a message on users’ ‘comment wall’ which, if clicked, will download a Trojan to the user’s PC. The comment on the message wall is disguised to look like it comes from one of the user’s friends, and directs the user to a video on a fake Google site. When the user clicks on the link, a picture of a medieval jester is shown, and the Trojan automatically downloads.

The worm is thought to be different to the attack on Facebook and MySpace which Kaspersky Lab issued a warning about last week.

Sophos did not detail what the downloaded Trojan does, nor did the company give details on how to remove it, although Graham Cluley, senior technology consultant for Sophos, said in a statement that the ongoing attacks may mean a change to corporate policies regarding Facebook.

“There has been a flurry of malicious emails recently posing as links to videos – so there’s really no excuse not to know of this trick being commonly used by hackers at the moment. Companies will once again be considering whether it’s time to block Facebook in the workplace – not just for the usual productivity reasons, but because of the security threats that sites like this may pose to their enterprise,” he said.

In a blog posting, Max Kelly, head of security at Facebook, said that the company had now blocked the link to the download site.

“We’ve identified and blocked the ability to link to the malicious websites from anywhere on Facebook. Less than .002 percent of people on Facebook have been affected, all of whom we notified and suggested steps to remove the malware,” he said.