Koobface Spreading in a Novel Way

According to David Harley, "the Director of malware intelligence for ESET" the latest method used by Koobface to attack users system is quite different, as the worm only attacks the user the first time he accesses the website, as reported by Infosecurity.com on April 8, 2010.

Every time the user tries to access the site, a page-not-found error, also called '404 error', is generated, according to Harley. This is done so that attackers can hamper security researchers' work, especially to prevent them from assessing the next variants of the virus.

Elaborating the attack, the Director stated that Koobface e-mails are proliferating via Facebook that claims that a Web-link can take the user onto concealed cameras revealing encounters of erotic nature, as per the statement published by searchsecurity.techtarget.com.au on April 9, 2010.

The e-mails, however, deceive users into thinking that they will shortly watch a sex video, but actually diverts them onto a malevolent website, which tells them that they must download certain codec for watching the film. Harley says that the codec is actually a Koobface executable that not only contaminates the victims' computers but also starts spreading to all their contacts.

Worryingly, researchers at ESET have said that the Koobface's latest attacks distribute around 7 malicious programs as varied as fake security software, browser-compromising malware and password-stealing Trojans.

Notably, Koobface has all along been a disturbance on social networks right from the time of its first detection during 2008.

Along with Facebook, it has disseminated across Twitter, MySpace and other social-networking websites. The key method of its proliferation is through the victim's contacts. Astoundingly, the number of assaults from Koobface alters by minor proportions from one quarter to another based on the analyses of different security vendors.

Hence, with alarming attack, it's extremely vital to stop the infection, not just due to the end-users own computer being at risk, but also because it is a risk for others as well, ESET outlines.

Harley cautions users that they should not trust these kinds of e-mails, arriving through social-networking sites, while remain vigilant of spurious social engineering and keep their anti-virus programs up-to-date, as reported by USAToday.com on April 8, 2010.

Related article: Koobface Worm Still Active on Facebook Through Hacked Accounts

» SPAMfighter News - 4/19/2010