PandaLabs reports Christmas to spread via Facebook

is a favorite hunting ground for hackers. The vast pool of users
offered by this popular social network and the ease with which accounts
can be hacked make it a highly attractive channel for spreading
malware. Such is the case with the latest variant of a well-known worm:
Koobface.GK. The bait consists of a Christmas greetings video hosted on
a YouTube page. On playing the video, or clicking a link on the page,
users will download and install the worm.  Image

When the virus is installed on a computer, the following image appears
and if users fail to enter the corresponding ‘captcha’ (Completely
Automated Public Turing test to tell Computers and Humans Apart), it
threatens to reboot the computer within three minutes. When the three
minutes are up, nothing happens, but the computer is rendered unusable.
Every time the captcha text is entered, the worm registers a new domain
where the video will be hosted in order to continue being distributed.

According to Luis Corrons, Technical Director of PandaLabs, “social
networks have become one of the methods most frequently used by hackers
to spread their creations, due to the false sense of security many
users have regarding the content published on these networks.  Users
generally trust the messages and content they receive, and consequently
hackers get a high level of response through these channels”.

Christmas: hackers’ favorite time of year

Internet users often send Christmas greetings to their family and
friends over the Web. Infection figures are always high at this time of
the year, as new viruses emerge that take advantage of this increased
user activity. 

Every Christmas we see new malware designed specifically for the festive season:

– MerryX.A appeared in 2005. It reached users’ computers in a Christmas greetings email with an attachment .
It was really a Trojan designed to capture keystrokes and steal
information. It managed to infect over 50,000 Internet users in only a

– Zafi.D. Although this worm appeared in 2002, it is still distributed
through emails that use Christmas greetings as bait. It opens a port on
the infected computer without users’ knowledge and downloads another
– The Navidad (Christmas in Spanish) malware family has numerous
variants. These astute worms appeared in 2007. They are difficult to
detect because they reach computers as a reply to an email which has
previously been sent to another (infected) recipient. The message
includes the Navidad.exe file which infects computers when run.

Here are a few security tips from PandaLabs when using social networks: 

1) Don’t click suspicious links from non-trusted sources. This
should apply to messages received through Facebook, and through other
social networks and even via email.

2) If you click on the links, check the target page. If you don’t recognize it, close your browser.

3) Even if you don’t see anything strange in the target page, but you are asked to download something, don’t accept.

4) If you do download or install an executable file and the PC
starts to launch messages, there is probably malware on your computer.

5) As a general rule, make sure your computer is well protected, to
ensure that you are not exposed to the risk of infection from any
malicious code. You can protect yourself with the new, free Panda Cloud
Antivirus solution


Please enter your comment!
Please enter your name here