According to Kaspersky Lab, the worms are designed to upload additional malicious modules with other functionality via the Internet, so it’s most likely that the botnets will also be used for other malicious purposes.
Net-Worm.Win32.Koobface.a spreads when a user accesses his/her MySpace account. The worm creates a range of commentaries to friends’ accounts. Net-Worm.Win32.Koobface.b, which targets Facebook users, creates spam messages and sends them to the infected users’ friends via the Facebook site. The messages and comments include texts such as Paris Hilton Tosses Dwarf On The Street; Examiners Caught Downloading Grades From The Internet; Hello; You must see it!!! LOL. My friend catched you on hidden cam; Is it really celebrity? Funny Moments and many others.
If the user clicks on the link included in the messagge, he is redirected to http://youtube.[skip].ru, a site which purportedly contains a video clip. If the user tries to watch it, he is told that he needs to download the latest version of Flash Player in order to watch the clip. Needless to say, the user doesn’t get the real Flash version, but a file called codecsetup.exe – a network worm.
“Unfortunately, users are very trusting of messages left by ‘friends’ on social networking sites. So the likelihood of a user clicking on a link like this is very high”, says Alexander Gostev, Senior Virus Analyst at Kaspersky Lab. “At the beginning of 2008 we predicted that we’d see an increase in cybercriminals exploiting MySpace, Facebook and similar sites, and we’re now seeing evidence of this. I’m sure that this is simply the first step, and that virus writers will continue to target these resources with increased intensity”.