Thu, Nov 06, 2008
AsiaOne
Staying safe from malicious software

Fortinet's FortiGuard Global Security Research Team discovered a Facebook worm that tries to leverage Google Reader and Google Picasa to gain visitors' trust, with the intention of getting them to download a malicious codec onto their machines.

A malicious message is sent to friends of the infected user, prompting them to visit a page carrying an online video. However, should the targeted users follow the link, they would soon find out that the video does not start unless they install a special codec, as prompted by the page! As a matter of course, the said codec is nothing other than a Trojan, loading various pieces of malware, possibly including a copy of the worm.

How to stay safe:

1. Beware of messages with a link inside. That should first trigger your threat alarm.

2. In such a case, pause one second and ask yourself if the message you're reading is from who it claims to be. It's very easy with people you know, because everyone has a "digital voice" of his/her own, a writing style that cannot be imitated by worms. Yet.

3. A lot of the social engineering sleight of hand used on social networking sites relies on teasing the victim into watching a video. Keep in mind that online videos share a very common format (i.e. Flash), so if you can normally see flicks on YouTube or Dailymotion, you won't ever need any additional plugin or codec. Most importantly: codecs that come in the form of executable setup files are, in this context, Trojans.

4. Don't browse the Web with a system that's not up to date with security updates. Often, those malicious end-points carry web-browser exploits that will push the Trojan onto your system without your knowledge, let alone your interaction. This won't happen if your browser is up to date. You may prefer alternate browsers for that purpose, hence reducing the exploit surface in your gear.

5. If you failed somewhere, or if the malicious site exploited some unpatched flaw in your browser, antivirus gear may very well save you. A combination of antivirus and Web content filtering creates stronger protection: if the malicious site is blacklisted by the Web filter, the antivirus may not even be needed to make the attack fail. It is still always good to have both, due to the increased sophistication of threats.

Source: Mr. Guillaume Lovet, Senior Manager of Fortinet's FortiGuard Global Security Research Team

 

 