Koobface
From Wikipedia, the free encyclopedia
| Common name | Koobface worm |
|---|---|
| Aliases |
|
| Classification | Unknown |
| Type | Computer worm |
| Subtype | Computer virus |
 |
This article may require cleanup to meet Wikipedia's quality standards. Please improve this article if you can. (April 2009) |
Koobface, an anagram of Facebook ("face" and "book" change order and "koob" is "book" in reverse), is a computer worm that targets the users of the social networking websites Facebook, MySpace [1], hi5, Bebo, Friendster and Twitter[2]. Koobface ultimately attempts, upon successful infection, to gather sensitive information from the victims such as credit card numbers.
Koobface spreads by delivering Facebook messages to people that are 'friends' of someone on Facebook whose computer has already been infected. The messages contain innocuous subject headers such as "Paris Hilton Tosses Dwarf On The Street", "LOL", and "My friend catched [sic] you on hidden cam". Upon receipt, the message directs the recipients to a third-party website unaffiliated with Facebook where they are prompted to download what is purported to be an update of the Adobe Flash player. If they download and execute the file, they will infect their computer with Koobface. Koobface then commandeers their surfing activities and directs users to contaminated websites when they attempt to access search engines like Google, Yahoo, and Bing.
Several variants of the worm have been identified:
- Net-Worm.Win32.Koobface.a, which attacks MySpace
- Net-Worm.Win32.Koobface.b, which attacks Facebook.
- WORM_KOOBFACE.DC, which attacks Twitter[3].
- W32/Koobfa-Gen, which attacks Facebook, MySpace, hi5, Bebo, Friendster, myYearbook, Tagged, Netlog and fubar[4].
The Windows operating system is currently the only operating system affected by these worms.
[edit] References
- ^ US-CERT Malicious Code Targeting Social Networking Site Users, added March 4, 2009 at 11:53 am
- ^ Twitter Status - Koobface malware attack, added July 9, 2009 at 11:24 am
- ^ Twitter variant as described on Trend Micro's website
- ^ W32/Koobfa-Gen, which affects multiple social networks, as described on Sophos's website
[edit] Sources
- http://www.reuters.com/article/newsOne/idUSTRE4B37LV20081204
- http://www.kaspersky.com/news?id=207575670
- http://news.bbc.co.uk/newsbeat/hi/technology/newsid_7773000/7773340.stm
- http://threatinfo.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_KOOBFACE.DC
- http://www.sophos.com/security/analyses/viruses-and-spyware/w32koobfagen.html
