Koobface
| Common name | Koobface |
|---|---|
| Aliases | |
| Type | Computer worm |
| Subtype | Malware |
| Point of origin | Russia |
Koobface is a network worm that attacks
Infection
Koobface ultimately attempts, upon successful infection, to gather login information for
Koobface originally spread by delivering Facebook messages to people who are "friends" of a Facebook user whose computer had already been infected. Upon receipt, the message directs the recipients to a third-party website (or another Koobface-infected PC), where they are prompted to download what is purported to be an update of the
Among the components downloaded by Koobface are a DNS filter program that blocks access to well-known security websites and a proxy tool that enables the attackers to abuse the infected PC. At one time the Koobface gang also used Limbo, a password-stealing program.
Several variants of the worm have been identified:
- Worm:Win32/Koobface.gen!F[13]
- Net-Worm.Win32.Koobface.a, which attacks MySpace
- Net-Worm.Win32.Koobface.b, which attacks Facebook[14]
- WORM_KOOBFACE.DC, which attacks Twitter[15]
- W32/Koobfa-Gen, which attacks
- W32.Koobface.D[18]
- OSX/Koobface.A, a Mac version which spreads via social networks such as Facebook, MySpace and Twitter.[19]
In January 2012, the New York Times reported[20] that Facebook was planning to share information about the Koobface gang, and name those it believed were responsible. Investigations by German researcher Jan Droemer[21] and the University of Alabama at Birmingham's Center for Information Assurance and Joint Forensics Research[22] were said to have helped uncover the identities of those responsible.
Facebook finally revealed the names of the suspects behind the worm on January 17, 2012. They include
Hoax warnings
The Koobface threat is also the subject of many hoax warnings designed to trick social networking users into spreading misinformation across the Internet. Various anti-scam websites such as Snopes.com and ThatsNonsense.com have recorded many instances where alarmist messages designed to fool and panic Facebook users have begun to circulate prolifically using the widely publicized Koobface threat as bait.[24][25]
Other misconceptions have spread regarding the Koobface threat, including the false assertion that accepting "hackers" as Facebook friends will infect a victim's computer with Koobface, or that Facebook applications are themselves Koobface threats. These claims are untrue. Other rumours assert that Koobface is much more dangerous than other examples of malware and has the ability to delete all of your computer files and "burn your hard disk." However, these rumours are inspired by earlier fake virus warning hoaxes and remain false.[24]
See also
- Computing Trojan horse
- Facebook malware
- Malware analysis
References
- [1] Lucian Constantin (28 October 2010). "New Koobface Variant Infects Linux Systems". softpedia. Retrieved 3 February 2015.
- [2] Lucian Constantin (30 October 2010). "Linux Java-Based Trojan Might Have Been an Accident". softpedia. Retrieved 3 February 2015.
- [3] "More Information About the Koobface Trojan Horse for Mac". The Mac Security Blog. 29 October 2010. Retrieved 20 January 2012.
- [4] "US-CERT Malicious Code Targeting Social Networking Site Users, added March 4, 2009, at 11:53 am". Archived from the original on 12 May 2009. Retrieved 18 June 2009.
- [5] "Twitter Status - Koobface malware attack". twitter.com. Retrieved 3 February 2015.
- [6] Marks, Ellen (7 June 2015). "Fake tech support warning targets Apple users". Albuquerque Journal.
- [7] Ricca, Aaron (6 April 2016). "Warnings are out there, but people keep falling for scams". The Kingman Daily Miner. Archived from the original on 9 April 2016.
- [8] Jensen, Dreama (26 February 2016). "Woman almost falls for computer scam". South Bend Tribune.
- [9] "Koobface: Inside a Crimeware Network". Archived 2012-09-14 at the Wayback Machine.
- [10] "What Is the Koobface Virus?". www.kaspersky.com. 13 January 2021. Retrieved 21 November 2021.
- [11] "W32.Koobface". Symantec. Archived from the original on 9 December 2008. Retrieved 3 February 2015.
- [12] Keizer, Gregg (2 March 2009). "Koobface worm to users: Be my Facebook friend". Computerworld. Retrieved 31 August 2009.
- [13] "Worm:Win32/Koobface.gen!F". microsoft.com. Microsoft. Retrieved 3 February 2015.
- [14] "Koobface malware distribution technique - automatic user account creation on FaceBook, Twitter, BlogSpot and others". Archived from the original on 28 March 2010. Retrieved 12 August 2009.
- [15] "WORM_KOOBFACE". trendmicro.com. Retrieved 3 February 2015.
- [16] "Sophos stops new version of Koobface social networking worm". Naked Security. Retrieved 3 February 2015.
- [17] "The Allure of Social Networking", describes Win32/Koobface affecting multiple social networks as described on CA's Security Advisor Research blog. Archived 2011-07-22 at the Wayback Machine.
- [18] "W32.Koobface.D". Symantec. Archived from the original on 15 August 2009. Retrieved 3 February 2015.
- [19] "Intego Security Memo: Trojan Horse OSX/Koobface.A Affects Mac OS X Mac – Koobface Variant Spreads via Facebook, Twitter and More - The Mac Security Blog". The Mac Security Blog. 27 October 2010. Retrieved 3 February 2015.
- [20] "Web Gang Operating in the Open".
- [21] "The Koobface malware gang – exposed! - Naked Security". Naked Security. 12 January 2012. Retrieved 3 February 2015.
- [22] "Facebook credits UAB with stopping international cyber criminals, donates $250,000 to school". AL.com. 22 October 2012. Retrieved 3 February 2015.
- [23] Protalinski, Emil (17 January 2012). "Facebook exposes hackers behind Koobface worm". ZDNet. Retrieved 20 January 2012.
- [24] "Koobface - What is it Really?", article at ThatsNonsense.com. Retrieved 26 January 2011.
- [25] "Koobface", article at snopes.com. Retrieved 30 December 2010.
External links
- The Koobface malware gang - exposed!, research by Jan Droemer and Dirk Kollberg.
- The Real Face of KOOBFACE, analysis by Trend Micro.
- Researchers Take Down Koobface Servers, Slashdot article.