Koobface Worm Targets Facebook Users

Cyber criminals behind the notorious Koobface worm have recently launched a new campaign that deceives users by a Christmas themed message.

Hon Lau, Senior Security Response Manager, Symantec, said that his team had discovered the new campaign in which hackers posted a message on Facebook profiles and linked it with a bogus Facebook page or a video page, as reported by SCMagazine on December 2, 2009.

The posted message varies in spellings and sentences so that it appears different but the real one reads - "I can't fall asleep after viewing this video. I haven't seen anything like this."

The message contains a link which takes user to a Facebook page or a video page that exhibits a Christmas-themed video. Thereafter, a file known as "setup.exe" is served to the user in the form of upgrade of Flash Player or a free antivirus software that convinces him (the user) to give protection from Koobface.

Websense Security Labs claimed that 16 out of 41 antivirus products were able to detect the malicious file. As per VirusTotal, the fake Facebook link is attached with a website hosted in Switzerland and in case the user opens the infected file, the worm will enter his MySpace, Facebook and many other social networking websites. Once the worm enters the user's account, it starts sending messages to all listed contacts.

The method used by cyber criminals is a popular social engineering technique, said security experts. Koobface was first detected in 2008 and since then, it has been propagating on the Web through social networking websites. It primarily targets user credential and sensitive details such as credit card information.

Moreover, users generally trust these messages as they believe they have been sent by friends and persons listed in their contacts book. Hence, infiltrating accounts and then using those compromised accounts for sending messages with malicious links from friends is highly successful.

In last few days, Koobface applied several methods to corrupt PC around the world. The recent incidents point towards cyber criminals' ambition of continue running their business and maintain the leading position in scareware business model. For accomplishing this task, criminals are pushing new scareware variants of koobface.

Related article: Koobface Worm Still Active on Facebook Through Hacked Accounts

» SPAMfighter News - 12/9/2009