The Register® — Biting the hand that feeds IT

Feeds

Facebook worm hijacks web search

Koobface shows its ugly mug again

By John Leyden, 8th December 2008
  • print
  • alert

Agentless Backup is Not a Myth

A new variant of the Koobface worm has returned to menace users of Facebook.

As before, the malware generates messages to friends of infected users on the social networking website. These messages direct the unwary into visiting websites that supposedly offer video clips. Would-be marks are told they need the latest copy of Adobe Flash to view this content and are prompted to download a file, which actually contains the worm's payload.

If the code executes on a vulnerable Windows PC the user gets infected. The worm's lifecycle then begins anew, ready to target their Facebook friends too.

The malware was first spotted in late July. Like a nasty case of herpes it flared up again last week, months after the initial attack.

The latest variant of the malware typically comes in a less salacious package. The first wave of infections came with messages such as "Paris Hilton Tosses Dwarf On The Street" whereas the latest variant is more likely to pose as "secret video by Tom" or some such. The latest Koobface variant is programmed to hijack search queries and divert infected users to bogus sites, benefiting crooks through related ad hijacking and click fraud in the process.

Facebook's advice for dealing with the worm can be found here. The social networking utility is in the process of purging spammed links to the malware from its systems, reports McAfee, which has a full write-up of the threat here. ®

Steps to Take Before Choosing a Business Continuity Partner

COMMENTS

House Rules Send Corrections
All Reader Comments (5)
Latest Comments
Anonymous Coward

Farcebook

I thought that was the worm,/trojan...It will never see the light of day in my household (i've blocked it).

0
0
Anonymous Coward

Sexually Transmitted Infections

....."targets Facebook users"

No big loss there.

0
0
TeeCee

@KenBW2

Nah, these are Facebook lusers. You're crediting them with waaaay too much intelligence.

The only thing it'll cause is a sh*t load of support calls to various friends / organisations / mates from the pub from people wanting to know why their funny video won't play even though they've installed the right codec when prompted.

Any explanation of the worm / fake codec, its effects and such will be countered with: "So, how *do* I get the funny video to play then?"

Flames, 'cos like most who understand computers I know a lot of people who a) don't and b) have my phone number........

0
0

More from The Register

breaking news
Number of cops abusing Police National Computer access on the rise
Only a telegram from the Queen can get you off it
135
breaking news
NSA PRISM snoop-gate: Won't someone think of the children, wails Apple
10,000 things probed, mostly about missing kids, Alzheimer patients, we're told
96
Flash flaw potentially makes every webcam or laptop a PEEPHOLE
But it's a Google problem - Chrome only, insists Adobe
60
Internet fraud still stings suckers
Australians twice as gullible as Americans
36
breaking news
NSA PRISM-gate: Relax, GCHQ spooks 'keep us safe', says Cameron
Whatever they are up to, it's all above board, we're told
90
breaking news
Yahoo! joins! rivals! in! PRISM! data! request! admission!
Keep calm and carry on using American tech firms, folks
41
PRISM snitch claims NSA hacked Chinese targets since 2009
Snowden suddenly looks safer in Hong Kong after revelations
33
breaking news
US chief spook: Look, we only want to spy on 6.66 BEELLLION of you
Americans assured they are not in the NSA's sights
68
Speech-to-text drives motorists to distraction
Will talking to you mean I crash into that car up ahead, Siri?
30
DHS warns of vulns in hospital medical equipment
Has your doctor's anasthesia machine been hacked?
17