Koobface virus now attacks Twitter

Cyber-criminals are trying out a new function that has been revealed in the most recent variant of Koobface, say security researchers at Trend Micro.

The function reportedly is the virus' capability of compromising the accounts of infected Twitter users, and of sending tweets to their contacts so that the latter may be infected too.

Utilizing the hijacked account of a Twitter user the new Koobface component sends tweets through cookies for Internet-browsing so that it can access other users' accounts as well. Tweets can be effectively sent while the victim remains connected to his Twitter account whilst the malicious Koobface runs invisibly.

Moreover, after recovering the so-called tweets from the 'command-and-conquer' (C&C) domain of Koobface, the Tinyurl.com is employed to condense or blur the web address provided in the tweet. Subsequently, when the user accesses the given URL, a Koobface diverter page leads him onto a bogus YouTube page, which entertains the Koobface worm pretending to be an update for Adobe Flash Player also called the notorious setup.exe.

Furthermore, drawing a comparison with the automatic propagation of the virus on Facebook where recognition of the CAPTCHA test is outsourced, it has been found unbelievably simple to target and exploit Twitter which lacks a dependable account registration system like CAPTCHA.

Additionally, the researchers state that when an infected user logs into his Twitter account, the malicious Koobface compromises the session proceedings to be able to send a tweet supposedly from the user. Here, an issue comes to the mind i.e. whether this new ability of the virus would enable it to proliferate more effectively, to which experts say that it would mainly rely on whether the beta tag is removed and the worm's special ability is brought to the mainstream.

Meanwhile, according to Kaspersky Labs, a large number of Koobface samples were generated in June 2009 so that a longer average time was available towards the launch of the malware campaigns before getting identified.

Finally, Koobface, which relies chiefly on social-engineering techniques, is now a most active virus affecting social networks such as Facebook, MySpace, Friendster, Tagged, Fubar.com, MyYearBook, Bebo and Hi5 since 2008.

Related article: Koobface Worm Still Active on Facebook Through Hacked Accounts

» SPAMfighter News - 7/28/2009