"Koobface" Worm Resurfaces on Facebook, MySpace

Security experts are warning users of Facebook, MySpace and other social networking communities to be on guard against a new strain of the "Koobface" worm, which spreads by tricking users into responding to a message apparently sent from one of their friends.

The latest version of Koobface arrives as an invitation from a user's friend or contact, inviting the recipient to click on a link and view a video at a counterfeit YouTube site. Visitors are told they need to install an Adobe Flash plug-in to view the video.

The bogus plug-in instead installs a Trojan horse program that gives Koobface author(s) control over the infected user's computer, according to security firm Trend Micro, which documented the new strain on its blog.

The worm also hijacks the victim's social networking account, sending out additional invites in order to spread itself to the victim's friends and contacts. It is currently spreading across multiple networks, including hi5.com, friendster.com, myyearbook.com, bebo.com and livejournal.com.

Trend also reports at least two different bogus Facebook apps being used to harvest users' personal data. Last week, a rogue Facebook app called "The Error Check System" quickly spread among Facebook users, arriving in a notification that told users that one of their friends "has faced some errors when checking your profile." Hours later, Trend spotted another rogue Facebook app, which urged recipients to click a link to find out why they had supposedly been reported to Facebook for violating the site's terms of service.

It's important to note that practicing basic online street smarts can save you from falling for these types of attacks, regardless of the medium. As always, be extremely cautious about clicking on links in unsolicited messages, even if they appear to have been sent by a friend or acquaintance. Also, don't install applications or programs if you didn't go looking for them. Before you install anything, take a few minutes to research the program and its vendor first. If you decide to install the application, make sure to download it directly from the vendor's Web site, if possible.

By Brian Krebs  |  March 2, 2009; 4:15 PM ET
Categories:  Latest Warnings , Safety Tips , Web Fraud 2.0  

Comments

Facebook suffers many security issues. My research documents reports of the Koobface worm infecting (or attempting to infect) workplace-related computers by way of Facebook. Employers/organizations thus have security as a reason to block social network sites. http://computersafety.wordpress.com/2009/01/19/security-threat-facebook-and-myspace-at-work/ --Ben

Posted by: benjaminwright | March 2, 2009 8:01 PM

I was on facebook the other day and received several notifications about people getting errors when viewing my profile. I thought it sounded really suspicious, and I'm glad I didn't look any further into it.

I wonder, is there any way for facebook to stop unadded applications from sending you unsolicited notifications?

Posted by: phantomsnitch | March 3, 2009 9:20 AM

Just another reason NOT to use these sites. It always seems that they are riddled with problems and always cause havoc on the net.

Posted by: mmcgrane | March 3, 2009 10:30 AM

Same problem different day: Bad guys "human-engineer" access to target systems by exploiting the gullibilities of site users (trust, greed, sex, etc.). Only the mechanics have changed... slightly.

When social networking sites started providing user access to unvetted 3rd party "applets" the party started.

And why is it that antivirus/antimalware protected Windows machines are compromised daily while, after years with no protection, my Mac and Linux systems are trouble free? Perhaps Microsoft's vision of global operating system and software domination in itself is its greatest weakness?

It boils down to the "terrible three".

1. Gullible/uneducated/undisciplined users
2. Poor site/network security practices
3. Incredibly vulnerable operating system

Posted by: gomberg1 | March 3, 2009 11:36 AM

I'm not a Facebookie nor a MySpacer but in this explosion of social networking orgs I've joined Twitter which I use more for mining information. Some of the Old Guys @ the Local Public Park have been yakking about their latest Facebook Friends so I forwarded this Brian Krebs column to them. If it keeps even one person from being infected by this insidious worm then it's worth being called an alarmist.

Posted by: wotten1 | March 3, 2009 11:50 AM

Employers have to block social networks. Not because of risk but because of productivity: they eat a lot of time.

Risk doesn't come from social networks, it comes from simple lack of education and follow through. Employers must regularly teach employees about all security issues, with consequences if something goes wrong, and put out a bulletin about any new risks such as this one. If you can make it part of the corporate culture, even better. If you empty the coffee pot you make more, you don't click on links in email or download files, etc.

- Believe it or not my computer hasn't been infected in 7 - 8 years and keeping it that way has taken very little time or hassle. I don't specialize in computers, I'm just careful.

- And I confess to having nothing but scorn for Facebook until a friend who's kept up with people I used to know convinced me. It's been worth it, both socially and professionally, but the professional aspect is because I'm a freelancer. But I avoid the whole 'friending' thing.

Posted by: ekovar | March 3, 2009 1:28 PM

Same problem different day: Bad guys "human-engineer" access to target systems by exploiting the gullibilities of site users (trust, greed, sex, etc.). Only the mechanics have changed... slightly.

When social networking sites started providing user access to unvetted 3rd party "applets" the party started.

And why is it that antivirus/antimalware protected Windows machines are compromised daily while, after years with no protection, my Mac and Linux systems are trouble free? Perhaps Microsoft's vision of global operating system and software domination in itself is its greatest weakness?

It boils down to the "terrible three".

1. Gullible/uneducated/undisciplined users
2. Poor site/network security practices
3. Incredibly vulnerable operating system


Posted by: gomberg1 | March 3, 2009 11:36 AM


A typical Mac user. Mac PC's are just as susceptible to these attacks as Windows. However since you seem to be a little bit ahead of the curve you're smart enough to avoid the OBVIOUS. But to say that Mac's are safer is plain stupidity. But then again that seems to be the standard for Mac users. They live in their own little make believe world. How sad.

Posted by: askgees | March 3, 2009 1:52 PM

Just take a look at the comments here and you will see the hints of who created and sent the worm: employers decided to define others' lives.
I do not like Facebook but it is useful and fun for many people. Free access to full internet resources and secure OS is needed, nothing else.

Posted by: HenriB | March 3, 2009 2:18 PM

I don't see how it 'resurfaced'; it never went away. These fake YouTube sites are up everywhere. They use a GIF to look like the video is loading and a popup to show you need to install some sort of plugin to make it work, and of course the plugin is a trojan.

Posted by: OrderZero | March 3, 2009 3:09 PM

"A typical Mac user. Mac PC's are just as susceptible to these attacks as Windows. However since you seem to be a little bit ahead of the curve you're smart enough to avoid the OBVIOUS. But to say that Mac's are safer is plain stupidity. But then again that seems to be the standard for Mac users. They live it their own little make believe world. How sad."

how sad indeed to see such untruth in print. the suggestion that the Mac OS or any other UNIX-based system is even remotely as vulnerable as microsoft's tawdry offerings, indicates that the speaker is either an ignoramus, a liar, or a lunatic.


Posted by: kloro2006 | March 3, 2009 4:45 PM

I think this just spread to Windows Instant messenger live. I do not belong to any social networking sites, just forums. Only recently added Live. You will be forced to log in through your browser if you do not wish to upgrade. Error message requests your firewall settings!

I did not know the person, but he was "apparently" an officer of SEIU, and was referring folks to various youtube clips.

Posted by: befuddled86 | March 3, 2009 7:02 PM

The comments to this entry are closed.

 
 

© 2010 The Washington Post Company