Koobface worm attacks Facebook

September 15th, 2009

Facebook users beware! A new type of malware named Koobface (yes, the name is an anagram of Facebook) has been infecting Facebook accounts at random, stealing personal information and user credentials. It is unknown who created the malware, but it is undoubtedly the work of a really smart hacker. Just a few weeks back, users around the world came across malware attached to a pirated version of the movie Harry Potter and the Half-Blood Prince. Before the dust had even settled, the Koobface malware has given Facebook users a new scare.

The malware works in a similar manner to other common malware. It sends you a spam message on Facebook, asking you to view a particular video by visiting a website. When you visit the site by clicking on the link provided in the message, you will see that it looks exactly like YouTube. There will be a ton of comments visible under the video, all posted by the hackers using bogus user credentials.

The hackers were thorough enough to create a frighteningly realistic setup in the background before launching the malware. This is seen when you view the malware uploader’s user profile. The profile is well detailed and contains tons of authentic-looking information about the user. The information is of course baseless and fake, but the presentation is very well done.

When you try to play the video, you are asked to install a file, setup.exe (in some cases presented as a “required” codec), in order for the video to play. This file is actually the Koobface malware itself. When you try to install the file, the core file of the malware, which has a filename of WORM_KOOBFACE.AZ, will get installed on your hard disk.

After the malware installs itself on your PC, the real game begins. It has already acquired the credentials of your Facebook account. Now the malware will log in to Facebook using those credentials. Then, it will use your user account to send spam e-mails to each and every person in your network. Each of those spam messages will contain a link to that website (where the fake video file has been hosted). This is why the malware has been spreading at an alarming rate.

No known removal tool has been developed for the malware yet. So, your best bet would be to avoid clicking on any spam messages that are delivered to your Facebook Inbox.


Posted in Internet Security
