-
Koobface Strikes Facebook, MySpace Again
Techtree News Staff, Dec 01, 2009 1500 hrs ISTThis Christmas might not be that merry for your PC
This festive season, beware of the Koobface malware that can infect your PC.
Websense Security Labs ThreatSeeker Network has discovered that the Koobface malware campaign is now using a Christmas theme. Recent developments by Koobface have included use of Google Reader.
The Koobface website offers a video posted by 'SantA'. The usual ruse of requiring a codec to watch the video is used to encourage the user to install and run a file called setup.exe (SHA1:a2046fc88ab82abec89e150b915ab4b332af924a). This file is currently detected by 16 out of 41 antivirus products, according to VirusTotal.
Screenshot of the Koobface website:
On the compromised Facebook page, the user is presented with a link to ch[removed]cher.ch, which is a compromised site in Switzerland. The user is redirected to one of several Koobface websites through a malicious Flash movie file hosted on the compromised site.
Screenshot of the malicious wall posts:
If the user runs the infected file, the worm will automatically login to their Facebook, MySpace, and several other social networking sites and send messages to all their friends.
This is not the first time that the Koobface worm has infected social networking websites. Cases of the same have been reported in the past too.
Images courtesy: Websense
Websense Security Labs ThreatSeeker Network has discovered that the Koobface malware campaign is now using a Christmas theme. Recent developments by Koobface have included use of Google Reader.
The Koobface website offers a video posted by 'SantA'. The usual ruse of requiring a codec to watch the video is used to encourage the user to install and run a file called setup.exe (SHA1:a2046fc88ab82abec89e150b915ab4b332af924a). This file is currently detected by 16 out of 41 antivirus products, according to VirusTotal.
Screenshot of the Koobface website:
On the compromised Facebook page, the user is presented with a link to ch[removed]cher.ch, which is a compromised site in Switzerland. The user is redirected to one of several Koobface websites through a malicious Flash movie file hosted on the compromised site.
Screenshot of the malicious wall posts:
If the user runs the infected file, the worm will automatically login to their Facebook, MySpace, and several other social networking sites and send messages to all their friends.
This is not the first time that the Koobface worm has infected social networking websites. Cases of the same have been reported in the past too.
Images courtesy: Websense
Related Links
Discussion Board
(2) Comments
kidus
,adis abeba, on Dec 02, 2009 06:26 AM
Report abuse
Opinion Poll
- Which desktop web browser do you use?
-
Internet Explorer
Firefox
Chrome
Safari
Opera
Other (specify in comments)
Poll Results View Previous Polls