Beware of the FBI vs Facebook virus

Page 1 of 1

Beware of the FBI vs Facebook virus

BPO Watch News Desk
August 25, 2008


The "FBI vs. Facebook" mailings are new lures for an existing virus (rather than a new form of virus), but they have garnered much attention. The mailings, which began in July 2008, typically arrive with a subject line of "F.B.I. vs. Facebook" and include the text "F.B.I. Facebook Records" with a link to what appears to be a news site. However, clicking the link initiates the download of a malicious executable file called fbi_facebook.exe.
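As an added example (not code from the article or any vendor), the following Python mail-gateway triage routine flags the lure described above in a general way: the known subject line, any link whose path names a Windows executable, and anchors whose visible text looks like a news-site address but whose target is a different host. The addresses and messages are constructed for the example.

```python
import re
from email import message_from_string
from urllib.parse import urlparse

# Subject pattern follows the article; everything else is constructed for illustration.
LURE_SUBJECT = re.compile(r"f\.?b\.?i\.?\s*vs\.?\s*facebook", re.IGNORECASE)
EXECUTABLE_EXT = (".exe", ".scr", ".pif", ".com", ".bat")
ANCHOR = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.IGNORECASE | re.DOTALL)
BARE_URL = re.compile(r'https?://[^\s"<>]+', re.IGNORECASE)
HOSTLIKE = re.compile(r"^(https?://)?[\w.-]+\.[a-z]{2,}(/\S*)?$", re.IGNORECASE)

def points_to_executable(url: str) -> bool:
    """True when the URL path (query string ignored) names a Windows executable."""
    return urlparse(url).path.lower().endswith(EXECUTABLE_EXT)

def triage(raw_message: str) -> dict:
    """Return {'verdict': ..., 'reasons': [...]} for one single-part RFC 822 message."""
    msg = message_from_string(raw_message)
    reasons = []
    if LURE_SUBJECT.search(msg.get("Subject", "")):
        reasons.append("subject matches known Storm lure")
    body = msg.get_payload(decode=True).decode("utf-8", errors="replace")
    anchors = ANCHOR.findall(body)
    # Every URL in the body, whether inside an <a> tag or pasted as plain text.
    urls = set(BARE_URL.findall(body)) | {href for href, _ in anchors}
    for url in sorted(urls):
        if points_to_executable(url):
            reasons.append(f"link downloads executable: {url}")
    # Visible text that looks like a web address but points at another host is the
    # "appears to be a news site" trick the article describes.
    for href, text in anchors:
        shown = re.sub(r"<[^>]+>", "", text).strip()
        if HOSTLIKE.match(shown):
            shown_host = urlparse(shown if "://" in shown else "http://" + shown).hostname
            real_host = urlparse(href).hostname
            if shown_host and shown_host != real_host:
                reasons.append(f"displays {shown_host} but links to {real_host}")
    if any(r.startswith("link downloads executable") for r in reasons):
        verdict = "block"
    elif reasons:
        verdict = "quarantine"
    else:
        verdict = "deliver"
    return {"verdict": verdict, "reasons": reasons}

# Constructed sample messages: one modelled on the lure, one benign newsletter.
LURE = ("Subject: F.B.I. vs. Facebook\nFrom: news@example.invalid\nContent-Type: text/html\n\n"
        "<p>F.B.I. Facebook Records</p>\n"
        '<a href="http://203.0.113.7/fbi_facebook.exe">www.breakingnews.example</a>\n')
BENIGN = ("Subject: Weekly newsletter\nFrom: list@example.invalid\nContent-Type: text/html\n\n"
          '<a href="http://www.example.com/story">www.example.com/story</a>\n')
```

Note that the executable check is on the URL path, so a redirecting "news" page that serves the file from a different location would still need URL rewriting or sandboxing downstream.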

Behind all these theatrics is the Storm worm, a virus that has been around for a few years and has been spread using many such plausible stories. The "Storm Worm" (so named because the spam e-mail messages that carried it commonly bore the subject line "230 dead as storm batters Europe") began hitting computers around the world in mid-January 2007. The malicious payload it carries (which may be one of several, including Trojan.Peacomm or Win32.Small.DAM, a variant of Win32.Small) affects most Windows-based platforms.

Storm is a serious threat for several reasons. It communicates peer-to-peer rather than through a "command and control" network, so you can't just disable a few computers that are feeding instructions to the others. The virus download is encrypted, which makes it difficult for antivirus programs to recognize, and the peer network pushes updates to infected computers daily, so that by the time antivirus programs are updated to recognize one edition of the virus, the next one is already in circulation.

The number of infections worldwide is massive, and a quarter of them are on major US networks such as SBC, Comcast, and Roadrunner. That means a bank or other business under denial-of-service attack can't simply block all traffic from certain segments of the internet, because it would also be blocking its own users, who share those same address ranges with Storm-infected computers as addresses are reassigned each time they log on and off the internet.

Because this particular incarnation invokes the name and symbol of the Federal Bureau of Investigation (FBI), that agency has issued a press release to warn the public about the misleading messages.
