Mutant Koobface Worm Targets Skype Accounts

Security company 'SophosLabs' has discovered a transformed Koobface virus that is capable of attacking Skype accounts. As per a researcher at SophosLabs, Numaan Huq, the latest kind of Koobface implements several API (Application Programming Interface) commands to steal private information from users of Skype, as per the reports by TGDAILY on November 20, 2009.

W32/Koobfa-O (new variant of Koobface) collects information such as HOMEPAGE, PHONE_MOBILE, ABOUT, PHONE_OFFICE, CITY, PHONE_HOME, COUNTRY, FULLNAME, BIRTHDAY, PSTN_BALANCE, etc. The collected details are assembled in a file that is packed in the form of a RAR archive. This file is either e-mailed or downloaded to a server located remotely.

The virus then connects to Skype chat by presenting itself as the user. Thereafter, it starts conversation with friends and listed persons online. In the text of the virus, there are several scraps of conversation in eighteen different languages which include few Asian languages.

Jonathan Leopando, a member of Trend's Technical Communications Team, wrote that they also reported an identical Koobface attack, as per the news by V3 on November 26, 2009. Trend Micro also added that it had found Koobface variant - TROJ_VILSEL.EA. It can use Skype's in-built instant messaging capacity to send links to people on the attacked contact list of the user,

But Leopando described that the new virus was not a variant of the Koobface family. He also informed that both the harmful code and network behaviour vary from earlier identified Koobface variants. In fact, it will not be a surprise if the real Koobface cyber attackers come up with their own kind.

This development also throws light on the cleverness of cyber attackers in chasing targets using well tried-and tested methods to circulate their harmful designs, said Leopando.

Commenting on Koobface, security experts at Trend Micro said that after one year of its finding, Koobface was still producing a lot of noise, not because of its high activity level over the last few weeks. However, one year is a pretty long time for a malware to stay alive. The malware is still going strong, productively expanding its reach to other social networking websites and making space for a new generation of malware that circulates through social networking websites.

» SPAMfighter News - 12/4/2009