Jump to content

New Koobface Campaign Spotted on Facebook

Starbuck
 Share

Recommended Posts

  • ExTS Admin
Starbuck Newbie

Starbuck

Posted
  • ExTS Admin
Posted

Propagates through spam in direct messages

 

Security researchers from Trend Micro warn that a new version of the infamous Koobface worm is spreading on Facebook via direct messages. The spam lures users onto a malicious website by claiming that someone posted a video of them on YouTube.

 

Koobface is the father of all social networking worms and one of the most longest-running computer worms in general. Originally developed for MySpace, the worm has now separate versions for most social networks including Facebook, Twitter, hi5, Bebo or Friendster.

 

Koobface steals login credentials from its victims in order to propagate itself by spamming all of their social networking friends. The worm's spam campaigns are characterized by complex social engineering, usually involving a Flash Player upgrade or special video codec lure.

 

The latest version reported by Trend Micro is no different in this respect. The spam messages read "Someobdy upload a vdieo wtih you on utbue. you shuold see" followed by a link of the form http://www.facebook.com/l/ae2d7CYBUtLFPs-LAKPMtRXKpBA;www.{BLOCKED}rotherz.ca./19mai/.

 

The misspelling of the words is intentional and has been done to evade Facebook's automatic spam filters. The technique is based on the fact that humans read words as a whole and is only necessary for the first and last letters to be in correct order for the brain to deduct a particular word.

 

The link is also a well thought trick and leverages the fact that people only tend to read the beginning of the links they click on. To exploit this it redirects the malicious URL through Facebook's preview page, which causes the link to start with Willkommen bei Facebook.

 

Clicking on the link take users to a page displaying an image mimicking the YouTube player with a pop-up box that asks for a Flash Player update. Clicking anywhere on the image prompts the download of a malicious executable file detected by Trend Micro as WORM_KOOBFACE.IC.

 

 

Source:

New Koobface Campaign Spotted on Facebook - Propagates through spam in direct messages - Softpedia

Member of:

UNITE

  • Replies 0
  • Created
  • Last Reply

Top Posters In This Topic

Popular Days

Top Posters In This Topic

Popular Days

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...