Wednesday, December 10, 2008

Koobface Worm Reaches Out To More Sites

Researchers at security vendor F-Secure said yesterday in a blog about the Koobface worm that the new infection is designed to spread to other popular social networking sites, including,,, and

The Koobface worm has been spreading like wildfire through Facebook since it was first reported last week by McAfee Avert Labs. The virus uses Facebook's private messaging system to spread itself across the social networking site. Facebook users receive a message from an infected profile that offers them a video link paired with the message, "You look just awesome in this new movie." The link takes users to a separate Website that recommends installing an update to watch the video. But the download is actually the virus itself, and installing it leads to another infected computer.

"Facebook is already aware of this [new] threat and is purging the spammed links from their system. But with dozens of Koobface variants known to exist, the situation is likely to get worse before it gets better," Craig Schmugar of McAfee Avert Labs wrote on the company's blog. "It's important to note that spammed links leading to Koobface are likely to come from infected friends, reminiscent of early mass-mailing worms."

The newest version of Koobface (W32/Koobface.CZ) is actually a resurgence of an older version of the same virus, which was reported by Kaspersky Labs in July. Kaspersky warned users then that the two variants of the new worm, Net-Worm.Win32.Koobface.a and Net-Worm.Win32.Koobface.b, were capable of attacks on both MySpace and Facebook.

If the virus is not properly removed, it will turn affected computers into "zombies" or bots, allowing hackers to control those infected computers to either spread more malicious code or to carry out attacks on other systems.

Facebook has posted generic instructions for its users to follow on how to remove the infection. Essentially they tell users to change their passwords and immediately run a virus scan using one of these sites:

Even if you haven't been hit with the virus, I'd suggest you take a proactive approach and download one of the several free antivirus programs such as AVG, Avira or Avast. And as I always point out, a little common-sense browsing goes a long way. If you reach a site that tells you that you need to update your software, it's always best to leave and go directly to the software vendor's site.
