Here is some information we found on the Koobface worm. So far we have been successful in removing the virus manually. If you think you may have this worm, bring in your computer immediately to reduce your risk of identity theft. - Thanks! - Michell, Owner - TechKnow Solutions, Inc.

 

New Koobface worm lets hackers play tricks on Facebook, MySpace members

Is there a new generation of the so-called "Koobface" worm that's been plaguing social networking sites?

Apparently so. Rik Ferguson, a researcher with computer security software maker Trend Micro, earlier this week reported on the company's Web site that he had found a new variant of Koobface, which first surfaced in December. He found it after investigating a Facebook message he received that appeared to have come from someone on his friends list and directed him to a spoofed YouTube site. The worm contacted him after stealing his pal's log-in credentials (from a cookie created by Facebook and stored on that person's computer), accessing the pal's Facebook account and sending out messages to the people listed there as friends.

At the bogus YouTube site, Ferguson was asked to install a file that would supposedly update his Adobe Flash Player. The file turned out to be a program that attempted to install the new Koobface variant (known as WORM_KOOBFACE.AZ). Ferguson and his Trend Micro colleagues studied the file and found that it was being made available by more than 300 computers around the world. (This is a common trick that hackers use: by routing the malicious software through a large number of IP addresses, it is more difficult to trace the source of it back to them.)

Trend Micro found that Facebook wasn't the only social networking site to have been hit by Koobface. Variations of the phony message that Ferguson received were sent to users of 10 different sites, including Hi5, Friendster and MySpace. Trend Micro recommends that Web users ignore these messages and refrain from clicking on them (even out of curiosity). Fortunately, this latest incarnation of Koobface doesn't appear to be widespread. Trend Micro has only found 28 computers infected by it worldwide (26 in the U.S. and the other two in France).

It's been a rough several days for Facebook from a security perspective: Four hoax applications have surfaced on the site, in addition to the Koobface problem, BBC News reports. One of these malicious applications tries to trick people into adding it by claiming that their friends were having trouble looking at their profiles. If the application is added, it spams itself to every Facebook friend that a member of the site has, according to the BBC.

Facebook has tried to alleviate the problem of hackers targeting its members. In November, the company launched its application verification program, through which software developers could have their work inspected before it was added to the Facebook site. For their troubles (as well as a $375 fee), developers' software making the grade would receive a verification badge graphic as a symbol that the application was trustworthy and safe for members to use. Facebook's verification process is optional, but CNET in November reported that other social networks, including LinkedIn, require all apps to go through a verification process before they can go live.

 

 

Identity Theft Worm "Koobface" Strikes Social Networking Site Facebook

Koobface, a malicious virus that attacks users with spyware and then hacks their system for passwords and credit card numbers, has now been found on Facebook.

Many people enjoy networking and keeping track of friends and family through sites such as Facebook and MySpace, which makes Koobface a challenge to those who frequent social networking sites.

How does Koobface work?

According to reports, the virus spreads via messages sent between friends on the site.

When one user is infected, his or her account will send messages to friends like, "you just look awesome in this new movie!" or "they said some bad things about you. Click here to see them." Of course, most Facebook users can't help but want to find out exactly what these messages mean. Even those distant, grade nine friend-of-friends will make many users of the site click on to find out more about all the juicy gossip. (Source: telegraph.co.uk)

If users do click on the link, they'll be led to a site asking them to update to a newer version of Adobe's Flash player. Downloading that bogus software will instead infect the victim's computer with a nasty worm that searches out personal information that can help hackers steal identities. Of course, social security and credit card numbers, along with banking passwords, are gold mines.

Facebook spokesman Barry Schnitt denies rumors that the site may have already been hit hard by Koobface:

"Only a very small percentage of Facebook users have been affected, and we're working quickly to update our security systems to minimize any further impact," he assured millions of worried users.

Craig Schmugar of McAfee Avert Labs said Koobface messages are likely to come from infected friends. The best advice is to be wary of Facebook messages, which could actually be from the Koobface worm. Facebook has posted a message on its security page advising users to install the latest antivirus software. Users who have been affected, the company added, should change their password. McAfee also warns against following unexpected hyperlinks, and adds that it's best to install software and updates from the source, whether Adobe or some other provider, instead of trusting content from a third-party site.

Facebook has not disclosed how many of its more than 120 million members have been infected with the virus.

"You must run an up-to-date antivirus, security patches, and firewalls," Graham Cluley, a senior technology consultant at Sophos, advised. "That will not only help you defend your computer if you click on a dangerous link, but it will also help reduce the chance of a hacker stealing your Facebook identity and using it to spread messages to your network of friends."

Is this a serious threat? It's serious in the sense that Facebook users are receiving spam messages on their wall or Facebook inbox pointing to malicious content, said Cluley.

"A key factor which helps social-networking spam and malware succeed is that people are more prepared to click on a link or message if they believe it is from someone they know," Cluley said. "The average person is used to receiving unsolicited e-mails in their regular inbox, but believe messages have more credence when they arrive via Facebook. The message is clear -- people need to beware."

 

By Denise Richardson on December 8, 2008