|WikiProject Computer Security / Computing|
The "to gather sensitive information from the victims such as credit card numbers. " is completely false. In the report publishes by Infowar (http://www.infowar-monitor.net/reports/iwm-koobface.pdf) it was confirmed by the the research group who dissected the workings of this malware that the creators of koobface never stole financial data. —Preceding unsigned comment added by Mrbrt86 (talk • contribs) 20:09, 14 November 2010 (UTC)
The "Microsoft removal tool fixes this, and has also fixed over 800,000 variants of other bad things" seems out of place. I'm going to cut it out of the page. If anyone has any objections, kindly put them here before reverting my edit. —Preceding unsigned comment added by 126.96.36.199 (talk) 20:08, 31 March 2010 (UTC)
Split up Facebook and MySpace variants
- The article, as written, primarily discusses Facebook. The MySpace and Facebook variants should be separated into different sections, with more content added regarding the MySpace variant. I'd do it myself but I don't have the time at the moment. Just leaving this here in case someone else can get to it before I can. Cheers, Caben42 (talk) 22:51, 5 December 2008 (UTC)
How is this a worm?
How could this possibly be a worm? It looks just like the ordinary virus to me, except it spreads through Facebook. Users have to voluntarily download and run the payload in order to be infected. So, this is in no way a worm, or a problem with Facebook/Myspace. It's just users choosing to run the wrong program. Totally over-hyped. 188.8.131.52 (talk) 01:40, 27 January 2009 (UTC)
It doesn't spread through Facebook in Myspace, people are just tricked into downloading the software, which then spreads throughout the Windows folder. Sounds like a worm to me. —Preceding unsigned comment added by 184.108.40.206 (talk) 22:29, 25 April 2009 (UTC)
The definition of a worm says that it spreads without human activity. Classically (Morris worm) this spreading was through security vulnerabilities. Koobface does not exploit security holes - it tricks the users into installing it, much like the original Trojan Horse. I agree this is not so much a worm. The security vulnerability is between the keyboard and the chair. :) 220.127.116.11 (talk) 15:31, 14 October 2009 (UTC)
I got infected with this worm
I think there are other ways of getting this virus off of facebook.. I just joined facebook a couple of weeks ago and have already been infected with the Koobface worm.. However i never recieved any strange message from anyone, nor was i ever promted to download adobe flash player.. I never ever download things from the interenet, nor would i ever approve an upgrade of my flashplayer off an unfamiliar website.. I have been racking my brain trying to figure out how this happened.. It took me about 3 days to clean my computer out after i was infected.. And I had more then just the Koobface worm in my computer, i also had numerous trojan horses that all showed up in my computer after joining facebook.. And have no idea why my virus program did not pick it up, i had to get a new antivirus program and also had to scan my computer with Malwarbytes to get rid of them.. --Ltshears (talk) 17:56, 24 May 2009 (UTC) The same thing happened to me on facebook and Malwarebytes did the trick it seemed. 9-10-2009
- Ltshears account looks highly suspect to me. Don't take ant-virus advice from strangers on Wikipedia; malwarebytes (or a misspelling!) could be a trojan anti-virus application, yes they exist. Facebook has a help facility and a security page with recommended anti-virus and malware scanners, their info is far less likely to be compromised - facebook.com/security. Pbhj (talk) 13:54, 16 November 2009 (UTC)
a DNS filter program
That's not what the external link says. What the external link says is that Koobface includes an element which alters your DNS settings to use a rouge DNS server. If so, and however it is achieved, there is no 'filtering' going on in the downloaded compenent —Preceding unsigned comment added by 18.104.22.168 (talk) 03:12, 8 August 2010 (UTC)
Effectiveness against Linux?
I ran several tests with Koobface and various Linux distros.
It appears that infection requires the user to literally click on "Run" button when the Java Applet opens a new dialog window. IF the user clicks "Cancel" button; infection does not occur at all!
As well, if a user of a Linux system reboots (or shuts down the system and starts it up again at a later time); the infection is undone. This is because there was no intention to specifically write the malware for Linux; so no start-up script or component was included. —Preceding unsigned comment added by 22.214.171.124 (talk) 05:04, 14 November 2010 (UTC)