The Tech Herald

Koobface wants some face-to-face time on your system

by Steve Ragan - Mar 3 2009, 17:05

Johnny was no security expert, but he had a feeling his system may have been compromised... (Credit: Andrew Navaro ©2004)

The Koobface Worm, a bit of Malware discovered in 2008, has started to crop up again on social networking sites. Ironic as it seems, the Worm was noticed this week on Facebook, but has spread to nine other social networking portals. The propagation method remains the same: Social Engineering.

Trend Micro researchers are reporting that the newest variant of Koobface is using old tricks, but adding some interesting characteristics. Like previous versions of Koobface and similar Worms, the user is lured with a bit of Social Engineering. The user is asked via private message to view a video of them posted online. They are led to a website that is an almost perfect clone of YouTube. While on the page, the people who have created the Worm scheme even go so far as to pull the friend’s Facebook profile image onto the rogue site.

While the example in the Trend Micro report uses Facebook, they have confirmed that Koobface is moving about online. It has been reported infecting users on MySpace, My Yearbook, Friendster, Tagged, Netlog, Bebo, Fubar, hi5, and LiveJournal.

Social networking sites have been targeted in the past; however, the past week has shown a severe jump in the number of cases where users on popular portals are being singled out, either with a rogue application stealing information or an actual Malware attack.

Another interesting trend, seen in the Trend Micro warning and spotted by researchers at PandaLabs, is the increase in “VideoPlay” infections. VideoPlay infections are exactly what they sound like. Users are asked to play a video but before that can happen they need to install something, which is always Malware. This is exactly how Koobface is moving around, and there have been countless examples over the past few months where other attacks use this method.

The VideoPlay tactic is used so often that PandaLabs reported a 400 percent jump in the infection rate from January to February of this year. The main reason given for this increase is the use of popular sites such as Digg.com or YouTube to distribute this Malware.

“This is another example of how cyber-crooks are using the most popular Web pages and social engineering to distribute malware massively,” said Luis Corrons, Technical Director of PandaLabs. “Users should remember that even though they may be visiting trusted websites, they should always be on their guard, and in particular, watch out for sensationalist headlines, as these are typically used to trick users and infect the computers.”
