Cybercriminals Using Facebook To Drive Rogue Antimalware Business

PandaLabs discovers Boface.BJ.worm, which uses Facebook to download and install rogue antimalware and trick users into believing they are infected so that they buy a fake antivirus solution

GLENDALE, Calif., May 14 /PRNewswire/ -- PandaLabs, Panda Security's malware analysis and detection laboratory, today announced that it has discovered Boface.BJ.worm, variant number 56 of the Boface family of worms, which has just appeared. Largely due to the enormous global popularity of Facebook and the potential it offers for reaching numerous users, each of these variants has been designed especially to use this social network to distribute and download malware. The BJ variant in particular uses Facebook to download and install rogue anti-malware and trick users into believing they are infected so that they buy a fake antivirus.

According to data compiled through the free Panda ActiveScan online scanner, 1 percent of all computers scanned since August 2008 were infected by a variant of Boface. Luis Corrons, technical director of PandaLabs, states, "Extrapolating this data with an estimate of the number of Facebook users, about 200 million, we approximate that two million users could be infected. The increasing number of variants in circulation is due to the aim of cyber-crooks to infect as many users as possible and therefore boost their financial returns."

The number of infections observed for this type of malware since August 2008 indicates an exponential growth rate as high as 1,200 percent from then to April 2009. With respect to the geographic distribution of infections, almost 40 percent are in the United States, with the rest distributed across many different countries. Please visit the following link for a visual of the increase in Boface worm infections in the past year: http://www.flickr.com/photos/panda_security/3527895905/.

The rogue anti-malware business is one of the most prolific cyber crime activities with respect to the number of examples in circulation. PandaLabs forecasts quarterly growth of more than 100 percent for the current year. Please visit the following link for a graph that represents the growth of rogue antivirus in the past year:

http://www.flickr.com/photos/panda_security/3528707694/

The new Boface.BJ.worm reaches computers in several ways, including email messages with attachments, Internet downloads, files transferred via FTP, IRC channels and P2P file-sharing networks, to infect unsuspecting users. Once the computer has been infected, the worm takes four hours to kick into action, activating once infected users have entered their Facebook accounts. At that moment, it sends a message to the entire network of friends, including the infected user. Please visit this link for a photo example: http://www.flickr.com/photos/panda_security/3528707512/

Anyone clicking on the link in the message will be taken to a fake YouTube page (called "YuoTube"): http://www.flickr.com/photos/panda_security/3527896167/ where they will supposedly be able to see a video. However, they will first be prompted to download a media player. If the user accepts, the fake antivirus will be immediately downloaded. From the moment it is installed, this malware will launch messages claiming that the computer is infected and that the user must buy a solution. Specifically, one of the fake antivirus products displays this interface:

http://www.flickr.com/photos/panda_security/3528707634/

Given the viral nature of Facebook networks, it is fair to assume that this message will spread exponentially, leading to very high infection rates. Corrons adds, "Users of social networks like this normally trust the messages they receive, so the number of reads and clicks is often very high. Clearly, in addition to the security measures of the social network itself, users have to take on board certain security and personal privacy basics, to avoid falling victim to fraud and contributing to its propagation."

To prevent this type of fraud, PandaLabs offers the following advice:

1. Don't click suspicious links from non-trusted sources. This should apply to messages received through Facebook, through other social networks and even via email.
2. If you do click on any such link, check the target page carefully (in this example, it is clearly a fraud) and if you don't recognize it, close your browser.
3. Even if you don't see anything strange in the target page, but you are asked to download something, don't accept.
4. If, however, you have still gone ahead and downloaded and installed some type of executable file, and your computer begins to launch messages saying that you are infected and that you should buy an antivirus, this is most likely a fraud. Never enter your credit card details, as you will be putting your money at direct risk. And above all, make sure you get a second opinion on the security of your system with any reliable free online security solution such as Panda ActiveScan.
5. As a general rule, make sure your computer is well protected to ensure that you are not exposed to the risk of infection from any malicious code. You can protect yourself with the new, free Panda Cloud Antivirus solution (www.cloudantivirus.com).

About PandaLabs

Since 1990, its mission has been to detect and eliminate new threats as rapidly as possible to offer clients maximum security. To do so, PandaLabs has an innovative automated system that analyzes and classifies thousands of new samples a day and returns automatic verdicts (malware or goodware). This system is the basis of collective intelligence, Panda Security's new security model, which can even detect malware that has evaded other security solutions.

Currently, 94 percent of malware detected by PandaLabs is analyzed through this system of collective intelligence. This is complemented by the work of several teams, each specialized in a specific type of malware (viruses, worms, Trojans, spyware, phishing, spam, etc.), working 24/7 to provide global coverage. This translates into more secure, simpler and more resource-friendly solutions for clients.

More information is available in the PandaLabs blog: http://www.pandalabs.com and the Panda Security website: www.pandasecurity.com/usa.