Koobface is an interesting worm that has had a lot of media coverage. While it is just as malicious as other malware online, researchers at Trend Micro have discovered that Koobface has added new features that allow it to automate the infection process. As its name suggests, the automation targets Facebook.
Koobface automates itself for faster infection rates. (IMG:J.Anderson)
Koobface loves Facebook. Over the past year or so it has made visits to the social networking portal and its users many times. Now, a new component of Koobface is seeking to make its home on Facebook permanent.
The component behaves like a normal Internet user by creating Facebook accounts. The overall objective is to make infecting people easier. Based on what we’ve seen at The Tech Herald, this little scheme has been going on since late October.
Research from Trend Micro explains that the component starts by automating Internet Explorer and creating a Facebook user account. To confirm and validate this newly created account, Koobface uses Gmail to complete the registration process. Now that the account is created, validated, and usable, Koobface starts to join groups and add friends.
“Moreover, it employs a check if it has already reached the maximum friend requests set by Facebook or not. Hence, it keeps itself under the radar and does not cause any alarm to Facebook administrators,” Trend Micro noted in their alert.
Once new friends are added to the rogue account, Koobface will post messages to their walls that look similar to the ones below.
[This image shows just three of the examples we discovered while researching this story. The names that are left visible are the accounts created by Koobface.]
The wall posts contain a link to a fake Facebook page or YouTube video where, once visited, malware is served up. If the attack works, and the user is infected, the automated Facebook process is repeated, and the infected user is added to the Koobface botnet.
Trend Micro researchers did notice that if the user is using Internet Explorer 6, then the automation process fails, and Koobface will not attempt the creation process.
Koobface is easy to detect; almost all security software will snatch the various incarnations of Koobface before they can do damage. However, you need to have the security software installed and ensure it is updated before it can begin to help.