viruses – Stay N Alive

Secret Crush Worm Resurfaces

book-club-book-worm.pngTechCrunch and several other publications recently blogged about new worms surfacing that target Facebook through various means. Some are sent via e-mail with links to malicious videos, while others link directly to phishing sites that look just like Facebook and take the username and password of those thinking they are logging into Facebook. I’ve noticed the recent come-back of one I blogged about 5 months ago called the “Secret Crush” worm – I’ve received 3 wall posts just today from this, along with one or two from the recently announced phishing worms. I can’t help but wonder if the two are related.

The “Secret Crush” worm seems to log into unsuspecting users’ accounts, send wall posts to their friends, and even some times, as was the case with my Aunt 5 months ago, change the user’s status as well. All posts seem to link back to a blogspot-hosted site that tries to get more information from the user to find out who their “secret crush” is. Google seems to be removing these almost as fast as they are being put up though.

In the case of all the recent worms, it goes without saying that having a strong password is very important – if you have been hit by any of these worms, change your password and notify Facebook, immediately! In addition, the following pointers should help prevent you from being infected:

Make sure your password is strong!

As mentioned, always make sure your password is strong, and don’t use the same password on Facebook and other Social Networks as you do elsewhere on the internet. This will prevent you from having more than just your social identity stolen.

Never, ever, click on links in e-mails, even from Facebook, unless you’re 100% sure where they are going to.

Don’t just look at the web address you see in the e-mail, but rather mouse-over the link and see where your browser says it’s going to go to. Even then, when in doubt, copy the url and paste it into your browser – if your e-mail client supports javascript for some reason it can still deceive you.

Always be sure you’re on the site you’re supposed to be on before you enter your log in information after clicking on a link from an e-mail.

This is how many of these worms get you – they link to a site that looks and feels like Facebook (or other site), but instead have linked you to something like Faceinbook.com that is collecting your information. Once they have access to that they have access to everything in your Facebook profile.

Make sure you have Spyware and Anti-virus software installed!

Facebook is not immune to Anti-virus software. There is actually a well-known spyware application called “Secret Crush”, and there’s probably a very likely case these two are related. If you are infected with Spyware or a virus there is an easy opportunity for these apps to steal your login information as you log into these sites.

Just as with your PC, it is your responsibility to ensure yourself, your computer, and now with social networks, your friends, are protected from viruses, spam, and spyware. You now have a social responsibility to ensure this doesn’t get spread to your friends on these networks.

Have you been infected? What is it that you think caused the infection? Please share with us in the comments below and on FriendFeed.