US-CERT is aware of public reports of malicious code spreading via popular social networking sites including myspace.com, facebook.com, hi5.com, friendster.com, myyearbook.com, bebo.com, and livejournal.com. The reports indicate that the malware, named Koobface, is spreading through invitations from a user's contact that include a link to view a video. If the users click on the link in this invitation, they are prompted to update Adobe Flash Player.
** This update is not a legitimate Adobe Flash Player update, it is malicious code. **
Additionally, some of the reports indicate that there are multiple bogus Facebook applications being used to obtain users' private information.
We encourage users and administrators to do the following to help mitigate the risks:
- Install antivirus software and keep the virus signature files up to date.
- Do not follow unsolicited links.
- Use caution when downloading and installing applications.
- Obtain software applications and updates directly from the vendor's website.
- Refer to the Social Networking Sites How to Stay Safe Newsletter available on our website at http://www.oispp.ca.gov/
government/library/documents/ March_2009_Security_ Networking_Sites_How_to_Stay_ Safe.doc - Refer to the Staying Safe on Social Networking Sites document available on US CERT's website at http://www.us-cert.gov/cas/
tips/ST06-003.html for more information on safe use of social networking sites. - Refer to the Avoiding Social Engineering and Phishing Attacks document available on US CERT's website at http://www.us-cert.gov/cas/
tips/ST04-014.html for more information on social engineering attacks.
Thank you,
California Office of Information Security
916-445-5239
www.infosecurity.ca.gov
No comments:
Post a Comment