Worm Rains on Facebook’s Parade
Just as Facebook unleashes its Facebook Connect program that ties the site in with any other site who wants to be involved, some virus has to come along and rain on the parade. The Koobface virus, which has in actuality been around for the majority of the year, is not directly related to Facebook Connect, but casts a shadow of vulnerability on Facebook in general.
What to Look For
Like most viruses, this one relies on deceit, and tries to get users to download it using a non-existent video as bait. David Sarno at the LA Times explains:
The virus’ most insidious property is that users receive the offending message from a friend: On Facebook, only people whom users have explicitly approved as friends can send them e-mails.
The Koobface e-mails have a subject like "You look so amazing funny on our new video," and contain a link to a YouTube-like video site that appears to contain a movie clip (see image). The video, however, doesn’t play, and the website then asks the user to update his or her video software by downloading a file. It’s that file that contains the malicious code.
McAfee provides more information about Koobface and shows a screenshot of a possible page that users could land on to get to it:
What it Does
"As part of their malicious payload, the worms transform victim machines into zombie computers to form botnets," said security firm Kaspersky Lab when it reported on two variants of Koobface back in July. One variant targeted Facebook, while the other targeted MySpace.
Facebook’s security page says, "We’re currently helping our users with the recently discovered "Koobface" worm and phishing sites. If your account has recently been used to send spam, please visit one of the online antivirus scanners from the Helpful Links list, and reset your password here." The links list is as follows:
The worm must be affecting a lot of people now to make its way though the news so much all of a sudden. It’s been around for months, yet we haven’t heard much about it until now. Facebook users who have accounts that have been in jeopardy have been receiving emails about how to proceed.