New Koobface Variant Installs Click Fraud Trojan and Scareware
Security researchers at the University of Alabama (UAB) recently spotted a fresh variant of the Koobface worm. They subjected the worm to a formal analysis and found that its creators used illegitimate money-making schemes, including click fraud through malicious advertising schemes and scareware distributed to unwary end-users.
The latest variant doesn't differ significantly from the worm's earlier versions, especially in the social engineering involved. The analysis indicates that social engineering continues to be a profitable method for criminals and that computer users are still indifferent to its harms. The worm spreads through spam messages sent from compromised accounts on social-networking websites, with web-links that lead to pages supposedly offering videos.
These pages claim that, to watch the video, users should install a Flash Player program online, which turns out to be a malicious installer. Once the worm is installed on a PC, it starts intercepting browsing activity and seizes login details for user accounts on social-networking sites. The stolen details are later used to send additional spam.
Meanwhile, to make money, the creators of Koobface use the malware to install other malicious programs such as fake security software. This software, referred to as rogueware or scareware, displays fake security warnings that report a supposed malware infection on the victim's computer. To remove the infection, the victim must buy a paid antivirus, which is also fake.
Another money-generating scheme involves installing a Trojan used for click fraud operations. This Trojan works by compromising results from Google Search and forcing the web-links to lead to advertising sites.
Gary Warner, Director of Research for Computer Forensics at UAB, said that many of the web pages that the university researchers were diverted to represented genuine advertisement affiliate schemes that would pay webmasters every time they referred a visitor to their websites.
Warner further says that a search on Google gives normal results, but a click on the embedded links is likely to divert the user to a different site, as reported by The Washington Post on August 31, 2009. Experts therefore suggest that Web surfers stay on guard against the worm.
» SPAMfighter News - 19-09-2009