Trend Micro - Koobface Gets More Sophisticated and Advanced

Internet security specialists at Trend Micro have found that rogue antivirus programs are increasingly being installed on the computers of unwitting users.

As evidence, the specialists point to an interesting example in which the Koobface botnet uses dedicated code to install FAKEAV, also called rogue antivirus software, extensively on victims' computers. This came to light after Trend Micro Lab conducted an analysis of fake antivirus. It also seems that those behind Koobface have introduced a fresh trick to the bogus Facebook page used with the virus.

When a Facebook visitor closes the tab or window showing the bogus page, a window pops up on the screen. Thereafter, every button the user clicks downloads the new Koobface version onto the computer.

Trend Micro states that cyber criminals are using a script to carry out their malicious trick, but it works when users browse the page in Internet Explorer.

In a posting to the company blog dated September 17, 2009, Jonell Baltazar, Advanced Threats Researcher, writes that the special script leaves the user with limited choices. If the user shuts down the browser, this leads to the download of FAKEAV malware that Trend Micro detects as TROJ_FAKEAV.FGR. Further, a click on any part of the page downloads a Koobface loader that the company has identified as WORM_KOOBFACE.AZ.

Briefly discussing WORM_KOOBFACE.AZ, Trend Micro blogged in Q1-2009 that the new Koobface variant received the support of an IP address that was located somewhere else on the globe.

Trend Micro also stated that there were already 300 or more distinct IP addresses that supported setup.exe, and it expects even more. All the IP addresses that Trend Micro had observed supporting the mentioned malevolent file were in reality HTML_KOOBFACE.BA.

Finally, the specialists concluded that the Koobface botnet continued to be a major source of security problems for people accessing social-networking sites such as Facebook. They also opined that Koobface, Clampi and Zeus led the way in causing security damage. Experts added that the most networked botnets were expanding to unprecedented extents, taking in huge volumes of distributed computing potential.


» SPAMfighter News - 10/8/2009
