October 17, 2008, 10:17 AM — Fake pages on social networking site Facebook which claim to offer free videos will infect Windows PCs with malware, warns F-Secure.
The security company said those infected will see their Facebook profile hijacked, while a message will be sent to their friends with a link to a YouTube video. Clicking the link sends the user to a third-party site, which scans the operating system before directing the user to an attack page where they are asked to download an updated version of Flash. This is in fact malware and once downloaded will hijack that user's Facebook profile and start the process again, this time sending the fake link to their friends.
If the OS scan detects an OS other than Windows, it sends the user to the actual YouTube front page and doesn't infect their system.
"This propagation method is effective because the message is supposedly posted by a friend," said F-Secure in a blog.
"A person receiving such a message is far more likely to click the included link, greatly increasing the chances of infection."
