US-CERT is aware of public reports of malware spreading via popular social networking sites. The reports indicate that this malware is spreading through spam email messages appearing to come from Myspace.com, Facebook.com, and Classmates.com. The email contains a message indicating that there is a YouTube video available and instructs the user to follow the link to view the video. If users click on this link, they will be prompted to update Adobe Flash Player. This update is not a legitimate Adobe Flash Player update–it is malicious code.

US-CERT encourages users and administrators to do the following to help mitigate the risks:

• Install antivirus software and keep the virus signatures up to date.
• Do not follow unsolicited links.
• Use caution when downloading and installing applications.
• Obtain software applications and updates directly from the vendor's website.
• Configure your web browser as described in the Securing Your Web Browser document.
• Refer to the Recognizing and Avoiding Email Scams (pdf) document for more information on avoiding email scams.
• Refer to the Avoiding Social Engineering and Phishing Attacks document for more information on social engineering attacks.ma