“Koobface” is the name of the Trojan worm that’s been making its way through the social networking site Facebook lately, but to the site’s users, it’s been simply known as “the Facebook virus.” That name will soon become a misnomer, though, because the worm is now spreading outside of Facebook’s walls to attack other social networks like Bebo, MySpace, Friendster, MyYearbook, and Blackplanet.
About Koobface
Once a computer has become infected with the Kooface worm, it spams the friends belonging to the owner of the computer by leaving comments on their profiles. Those comments appear to come from the infected user, saying things like “Are you sure this is your first acting experience?”, “is it u there?”, “impressive. i’m sure it’s you on this video”, “How can anyone get so busted by a spy camera?” and “You’re the whole show! i’m admired with you.” Save for that last one, whose bad English will likely raise a flag that all is not what it seems, the other comments appeal to people’s vanity. They wonder: is that really a video of me? and then click through on the link provided.
The link actually takes them to an off-site page which pretends to offer a video download from “YuoTube,” but then stalls saying that you’ll need a new version of Adobe’s Flash Player installed in order to continue. Of course, if you click the button to proceed with the install, you’re infected. Infected users are then directed to even more contaminated web sites when they try to use search engines, which puts them at risk of identity theft, among other things. “Search terms are directed to find-www.net,” said McAfee’s Craig Schmugar, and that “enables ad hijacking and click fraud.”
Koobface may not be the first bit of malware to hit the social networks, but it has become so widespread that it now accounts for one percent of ScanSafe’s blocked malware, said ScanSafe senior security researcher Mary Landesman. (Facebook will not disclose how many members are infected.)
What’s frightening about the spread of this Trojan is not the worm itself – it’s really nothing new in terms of malware – but the way its being spread. Over the years people have learned to be suspicious of unknown links and attachments in their emails, so the virus writers turned to hit us where we’re more vulnerable: on our social networks. Here, many people still have a feeling of comfort and security. They don’t always have their guard up.
According to Graham Cluley, senior technology consultant at Sophos, “a key factor which helps social-networking spam and malware succeed is that people are more prepared to click on a link or message if they believe it is from someone they know. The average person is used to receiving unsolicited e-mails in their regular inbox, but believe messages have more credence when they arrive via Facebook. The message is clear — people need to beware.”
Cluley also warns that the situation is going to get worse next year. There will be more attacks and they will become more sophisticated. “It will probably take a long time before the general public begins to learn that hackers and scammers are using the system for their own ends.”
How To Protect Yourself From Koobface
Besides doing the obvious – running an up-to-date antivirus, security patches, and firewalls – you should be on the look out for the following:
A sample spam message:
The malicious site:
The warning message:
You should also keep an eye on Facebook’s security page (http://www.facebook.com/security) which warns of the latest threats.
Image credits: virus, courtesy of akajos; Facebook screenshots, courtesy of McAfee Avert Labs