Security Bytes

Apr 8 2010   12:18PM GMT

Latest Koobface Facebook campaign attracts users with erotic encounters



Posted by: Robert Westervelt
Koobface, social networking flaws, social engineering

There are no hidden cameras behind that link, only a malicious website, researchers at ESET say.

Researchers at security vendor ESET LLC have discovered a quickly spreading Koobface Facebook campaign that is tripping up users with the allure of “erotic encounters.”

ESET’s David Harley, research fellow and director of malware intelligence, said Koobface is spreading through Facebook messages that claim a link leads to hidden cameras showing erotic encounters. People duped into thinking they’re about to see a sex show are redirected to a malicious website, where a pop-up message prompts them to download a video codec to view the video. The file is a Koobface executable, which infects the victim’s machine and then attempts to use the victim’s contacts to continue spreading, Harley said.

As of this time, the Laboratory in Latin America has found and analyzed over 100 IP addresses where users whose systems are already affected are responsible for the spread of this malware. It is very important to prevent infection, not only because of the risk to your own system but because of the risk to others. Don’t trust any messages of this type that turn up in social network messaging services like Facebook. Be on the lookout for deceptive social engineering and keep your antivirus software properly updated.

Koobface has continued to be a thorn in the side of social networks since it was first detected in 2008. In addition to Facebook, it has spread on MySpace, Twitter and other networks. Its main way of spreading is via victims' friend lists, making it behave as a worm. The number of Koobface attacks changes slightly from quarter to quarter depending on which security vendor's analysis report you look at.

In addition to the malicious file that attempts to continue spreading Koobface, other malware is downloaded onto the infected machine. The ESET researchers have confirmed up to seven malicious files, ranging from rogue security software to password-stealing and browser-hijacking Trojans. The list is included below:

  • Win32/TrojanProxy.Small.NEB Trojan – A proxy.
  • Win32/PSW.Delf.NSE Trojan – A password stealing trojan.
  • Win32/Qhost.NTN Trojan – Hijacks the browser and redirects to web sites of its choosing.
  • Win32/Agent.QWU Trojan – An information stealing Trojan. There are lots of these and the detection is pretty generic.
  • A variant of Win32/Koobface.NCI worm – Another Koobface. Not sure what makes this one different though. This is a heuristic detection.
  • A variant of Win32/Koobface.NCP worm – Another Koobface. Not sure what makes this one different though. This is a heuristic detection.
  • Win32/Adware.Antivirus2009.AA – Rogue AV software.


Rgmoon  |   Apr 4 2011   9:27AM GMT

Facebook is providing innovative and enhanced features with every passing day. This is another addition into it. I hope it will work and will be helpful in attracting more visitors.

CBS Reality


 

Rgmoon  |   May 11 2011   7:04AM GMT

This Facebook campaign will be successful because of its nice features. It is nice to see innovations with every passing day. Thanks for sharing such nice and valuable info here. Keep it up.
Craigslist Springfield


 

Marianflanny  |   May 17 2011   8:26PM GMT

I still remember this Koobface virus. Damn, it was really annoying, especially since my 8-year-old daughter got infected. Had to block Facebook for a while until I found the solution. Thanks to ESET for fixing it! dein deal ch


 

Gwopkid  |   Jun 5 2011   6:15PM GMT

That's very interesting, advertise here is great, plus I like adsense alternatives, also you may like webspace, they are so great.