The latest version of the malware uses a holiday greeting to spread infections via Facebook.
Security researchers at PandaLabs have discovered a new variant of the Koobface malware targeting holiday cheery users of social networking giant Facebook.
Koobface.GK consists of a Christmas message contained in a video hosted on a fake YouTube page. If a person plays the video or clicks on a link on the Web page, users will be force downloaded the malware. The message from antivirus vendors is to ensure that signatures are up to date because nearly all of the Koobface variants can be detected. Symantec researchers issued a Koobface alert back in November.
Luis Corrons, technical director of PandaLabs warned that hackers continue to take advantage of the increasing level of trust fostered on social networks. Users of social networks are more likely to click on a link from someone they don’t know, he said.
“Social networks have become one of the popular entry points used by hackers to spread their creations, due to the false sense of security many users have regarding the content published on these networks,” Corrons said.
The latest Koobface variant is tricky because once installed it deploys a captcha image prompting users to enter a response. If the victims fail to enter the correct response, the worm threatens to reboot the PC. If the victim enters the correct captcha response, Koobface registers a new domain to host the video in order to continue to spread itself, Corrons said. Ultimately the machine is turned into a zombie, part of a Koobface botnet.
The cybercriminals behind Koobface are working to spread the worm as quickly as possible. In its 2009 annual cybersecurity report, Cisco Systems Inc. said social networking attacks represent a cash cow for Internet fraudsters. Estimates indicate that almost 3 million computers have been infected with Koobface, Cisco said. With an active user base of 350 million users, even smaller attacks can be lucrative. The networking giant gave the Koobface worm an award for “Most notable criminal innovation,” in its recent report.
Symantec’s Hon Lau summed up the holiday attacks best:
This is not the first Christmas-related malware campaign so far this year and it will certainly not be the last.
Now go update your signatures.