Koobface

Koobface
Common name: Koobface VIRUS
Aliases:
Classification: Unknown
Type: Computer worm
Subtype: Computer virus
Isolation: December 2008
Point of Origin: [Unknown]

Koobface is a computer worm that targets users of the social networking websites Facebook (its name is an anagram of "Facebook"[1]), MySpace,[2] hi5, Bebo, Friendster and Twitter.[3] Koobface is designed to infect Microsoft Windows and Mac OS X, but also works on Linux (in a limited fashion).[4][5] Upon successful infection, Koobface attempts to gather login information for FTP sites, Facebook, and other social media platforms, but not any sensitive financial data.[6]

It then uses compromised computers to build a peer-to-peer botnet: a compromised computer contacts other compromised computers to receive commands. The botnet is used to install additional pay-per-install malware on the compromised computer and to hijack search queries to display advertisements.[7]

Koobface was first detected in December 2008, and a more potent version appeared in March 2009.[8] A study by the Information Warfare Monitor, a joint collaboration of the SecDev Group and the Citizen Lab in the Munk School of Global Affairs at the University of Toronto, revealed that the operators of this scheme generated over $2 million in revenue from June 2009 to June 2010.[6]

Koobface spreads by delivering Facebook messages to people who are 'friends' of a Facebook user whose computer has already been infected. Upon receipt, the message directs the recipients to a third-party website, where they are prompted to download what is purported to be an update of the Adobe Flash player. If they download and execute the file, Koobface is able to infect their system. It can then commandeer the computer's search engine use and direct it to contaminated websites. Links to the third-party website can also appear on the Facebook wall of the friend the message came from, sometimes accompanied by comments such as "LOL" or "YOUTUBE". If the link is opened, the trojan will infect the computer and the PC will become a zombie or host computer.
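The infection chain above (a link followed from a social network to a third-party site, then an executable posing as a Flash Player update) can be hunted for in web proxy logs. The following is an added example, not part of the original article; the log layout, hostnames, file names and the `flash` filename pattern are constructed assumptions.

```python
import re
from urllib.parse import urlparse

# Constructed proxy log: timestamp client url referrer content-type
SAMPLE_LOG = """\
2009-03-02T10:00:01 10.0.0.5 http://www.facebook.com/inbox/ - text/html
2009-03-02T10:00:09 10.0.0.5 http://video.example.net/watch?id=7 http://www.facebook.com/inbox/ text/html
2009-03-02T10:00:15 10.0.0.5 http://video.example.net/flash_update.exe http://video.example.net/watch?id=7 application/octet-stream
2009-03-02T10:02:00 10.0.0.8 http://fpdownload.adobe.com/install_flash_player.exe http://get.adobe.com/flashplayer/ application/octet-stream
2009-03-02T10:03:00 10.0.0.9 http://mirror.example.org/flash_setup.exe http://www.example.org/ application/octet-stream
"""

# Social networks named in the article; vendor domains that may serve Flash.
SOCIAL = ("facebook.com", "myspace.com", "hi5.com", "bebo.com",
          "friendster.com", "twitter.com")
VENDOR = ("adobe.com", "macromedia.com")
EXEC_EXT = re.compile(r"\.(exe|scr|msi|dmg|pkg)$", re.I)
LURE = re.compile(r"flash", re.I)  # assumed naming of the fake update


def in_domain(host, domains):
    """True if host equals, or is a subdomain of, one of the domains."""
    return any(host == d or host.endswith("." + d) for d in domains)


def find_fake_flash_downloads(log_text):
    """Flag Flash-named executables fetched from a non-vendor host that
    the same client first reached through a social-network link."""
    landed = {}   # client -> hosts reached from a social-network referrer
    alerts = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip malformed lines
        ts, client, url, ref, _ctype = parts
        parsed = urlparse(url)
        host = parsed.hostname or ""
        ref_host = urlparse(ref).hostname or ""  # "-" yields ""
        if in_domain(ref_host, SOCIAL) and not in_domain(host, SOCIAL):
            landed.setdefault(client, set()).add(host)
        if (EXEC_EXT.search(parsed.path) and LURE.search(parsed.path)
                and not in_domain(host, VENDOR)
                and host in landed.get(client, ())):
            alerts.append((ts, client, url))
    return alerts


if __name__ == "__main__":
    for alert in find_fake_flash_downloads(SAMPLE_LOG):
        print("ALERT", *alert)
```

Only the first client is flagged: the genuine Adobe download and the Flash-named file with no preceding social-network referral are both ignored, which keeps the rule tied to the lure described above rather than to every executable download.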

Among the components downloaded by Koobface are a DNS filter program that blocks access to well-known security websites and a proxy tool that enables the attackers to abuse the infected PC.

Several variants of the worm have been identified:

Hoax Warnings

The Koobface threat is also the subject of many hoax warnings designed to trick social networking users into spreading misinformation across the Internet. Various anti-scam websites such as Snopes.com and ThatsNonsense.com have recorded many instances where alarmist messages designed to fool and panic Facebook users have begun to circulate prolifically, using the widely publicized Koobface threat as bait.[15][16] One example is the "Barack Obama-Clinton Scandal" hoax, which was popular in 2010.

Other misconceptions have spread regarding the Koobface threat, including the false assertion that accepting "hackers" as Facebook friends will infect a victim's computer with Koobface, or that Facebook applications are themselves Koobface threats. These claims are untrue. Other rumours assert that Koobface is much more dangerous than other examples of malware and has the ability to delete all of your computer files and "burn your hard disk." However, these rumours are inspired by earlier fake virus warning hoaxes and remain false.[17]

References

  1. Deibert, Ron; Rafal Rohozinski (Nov. 12, 2010). "The untouchable hackers of St. Petersburg: Meet Koobface, Facebook's evil doppelgänger". The Globe and Mail. http://www.theglobeandmail.com/news/national/time-to-lead/internet/the-untouchable-hackers-of-st-petersburg/article1795650/. Retrieved 16 November 2010.
  2. US-CERT Malicious Code Targeting Social Networking Site Users, added March 4, 2009, at 11:53 am
  3. Twitter Status - Koobface malware attack, added July 9, 2009 at 11:24 am
  4. New Koobface variant infects Linux systems
  5. Linux Java-Based Trojan Might Have Been an Accident
  6. Koobface: Inside a Crimeware Network
  7. Information From Symantec
  8. Keizer, Gregg (March 2, 2009). "Koobface worm to users: Be my Facebook friend". Computerworld. http://www.computerworld.com/s/article/9128842/Koobface_worm_to_users_Be_my_Facebook_friend?intsrc=news_ts_head. Retrieved 2009-08-31.
  9. Microsoft Virus Definition
  10. Koobface malware distribution technique - automatic user account creation on FaceBook, Twitter, BlogSpot and others
  11. Twitter variant as described on Trend Micro's website
  12. W32/Koobfa-Gen, which affects multiple social networks, as described on Sophos's website
  13. The Allure of Social Networking, describes Win32/Koobface affecting multiple social networks as described on CA's Security Advisor Research blog
  14. W32.Koobface.D Information From Symantec
  15. Koobface - What is it Really? article at ThatsNonsense.com, Retrieved on 26th January 2011
  16. Koobface article at snopes.com website, Retrieved on 30 December 2010
  17. Koobface - What is it Really? article at ThatsNonsense.com, Retrieved on 26th January 2011
