Koobface Hackers Now Monitor Victims

According to the security vendor Trend Micro, the masterminds behind the notorious Koobface worm (that attacks users of social networking websites) have now added a new code created to examine the success of their endeavors.

Koobface is basically a computer worm that targets the Microsoft Windows users and finally tries to successfully inject malware to collect sensitive information from the victims such as bank details and credit card numbers. Koobface was first acknowledged in December 2008, and a more powerful version appeared in March 2009.

Joey Costoya, Advanced Threat Researcher at Trend Micro, disclosed that the new tracking code had been spotted on bogus YouTube pages identical with the bot that allowed the gang behind Koobface to examine the page hits, as reported by ITPRO on August 2, 2010.

The tracking code employs a hit counter web service for the monitoring process. Data seen by the researcher from the hit count page confirmed that the gang began using the monitoring method on 28 July 2010. According to the security firm, there had been 126,717 exclusive page hits since then.

Joey Costoya, Advanced Threat Researcher at Trend Micro explained that some days ago those pages started to incorporate a small JavaScript code which facilitated the Koobface gang to straight away watch page hits, as reported by V3 on August 2, 2010.

He further stated that the tracking code was positioned at the end of the page, which was pressed way beneath, by many <br> [line break] tags.

As per the reports, the gang monitors the activity on an hourly basis that enables the gang to compare the user activity (on the basis of time of day) and the infection count of Koobface.

Commenting on the methodology of cybercriminals, the security experts said that it demonstrated the escalating sophisticated methods employed by the cyber criminals to improve the success of their plans. Koobface had earlier targeted online services including shared content and had attacked a number of many prominent websites since its inception.

In the year 2009, it struck Facebook as well as Google Reader users and was titled as a dangerous threat by F-Secure.

Hence, the security researchers recommended users to install all the essential security solutions into the systems and always keep them updated. Besides, users should keep themselves alert about various ongoing security threats.

Related article: Koobface Worm Still Active on Facebook Through Hacked Accounts

» SPAMfighter News - 8/11/2010