Koobface Botnet Uses Google Reader in New Attacks
According to Trend Micro, the Koobface botnet is using a fresh trick: it relies on Google Reader accounts under its control to host images that lead to malware.
Google Reader is a web-based news reader, a publicly shared utility through which users exchange web links with others.
Security researchers said that during this attack, the perpetrators of Koobface send spam that takes users to hijacked Google Reader web pages, while the criminals use the accounts they control to host URLs that carry a picture imitating a Flash video. To spam these URLs, the perpetrators resort to social-networking websites like MySpace, Twitter and Facebook.
If users click on any of the bogus videos placed on a compromised web page, all of the traffic is redirected to a bogus YouTube page. This YouTube page hosts Koobface, attempts to install malware and executes an exploit remotely.
Rik Ferguson, Senior Security Advisor at Trend Micro, states that the new attack differs a little from the normal Koobface assaults that emerged earlier in 2009, as reported by V3 on November 10, 2009. According to the security company, an estimated 1,300 accounts have been under the hackers' control.
Moreover, the security researchers state that malware creators are yet again exploiting the names of established entities like Google.com so that they can gain their victims' trust. According to Ferguson, cyber criminals are exploiting Google's trustworthiness by using Google Reader to conceal their malicious URLs.
He adds that the tactic is a fresh turn on the usual Koobface attack, as it prompts victims to download up-to-date Adobe Flash programs so that they can watch a movie that is apparently being shared on the Google Reader website.
Additionally, the researchers say that the virus, along with its botnet, has become infamous within the industry because it has persistently attacked social-networking websites, first targeting Facebook and MySpace in 2008 and now Twitter in 2009.
The recent abuse once again demonstrates blackhat hackers' increased inclination towards using cloud computing to launch attacks, which puts even Google in danger, the investigators opine.
» SPAMfighter News - 20-11-2009