Koobface Worm Still Active on Facebook Through Hacked Accounts

As per a security alert released by internet security firm, Websense, a computer worm Koobface that originally started spreading in July 2008 is still active, as reported by ZDnet on November 10, 2008.

The security e-mail reveals that user accounts after infection are manipulated to send messages to Facebook friends' addresses. This message is enticing and contains a link which uses a Facebook open redirector. When recipient opens the link, he is automatically diverted several times, finally landing on a spoofed YouTube site that delivers a malicious Trojan downloader.

Koobface worm depends mainly on already hijacked Facebook accounts for propagation. It uses hacked accounts as base for its social engineering campaigns and passwords acquired by malware authors through a set of tricks.

However, the campaign exploits an authentic hosting provider while Geocities act as the primary redirection point. An interesting thing about the campaign is that the malicious program dropper tries to download additional malware that makes infected host to relay spam messages from a different but legitimate site.

Furthermore, Facebook has been targeted by cyber criminals, especially Nigerian scammers who use hijacked accounts to defraud users off their cash. But as less tech savvy users now know that ignore messages and links from unknown sources, cyber thieves have shifted their focus towards social networking sites after realizing that they can trick people much easily by pretending to be their friends.

Meantime, although Koobface has been prevailing since July 2008, it re-emerged more recently. The creators of the worm have applied several tricks to bypass Facebook filters, such as abusing Facebook's instant messaging utility as well as hosting their malevolent links on Websites like Bloglines and Tinyurl.com.

However, all round the year, Facebook has been following the current malware developments and changing according to the new situations. While the site has been cautioning users against the potential malicious links, or raising awareness of the recent CAPTCHA mechanism for shady links, these utilities are just the beginning of the fight against malware campaigns abusing social networks.

Related article: Koobface Worm Attacks Facebook & Other Social Sites

» SPAMfighter News - 24-11-2008

All SPAMfighter products offer a free trial!

SPAMfighter is a free spam filter for Outlook, Outlook Express,Windows Mail, Windows Live Mail and Thunderbird.

Optimize your Slow PC for better performance. Try FREE scan now

Disk space recovery
and disk optimization. Try FULL-DISKfighter free

SPAMfighter Exchange Module is a Spam filter for Exchange server - Free 30 days trial.

Remove Spyware with SPYWAREfighter - Free 30 days trial

Antivirus software for your Windows PC - Free 30 days trial