News Blog


New Koobface worm lets hackers play tricks on Facebook, MySpace members

Is there a new generation of the so-called "Koobface" worm that's been plaguing social networking sites?

Apparently so. Rik Ferguson, a researcher with computer security software maker Trend Micro, reported on the company's Web site earlier this week that he had found a new variant of Koobface, which first surfaced in December. He found it after investigating a Facebook message he received that appeared to have come from someone on his friends list and directed him to a spoofed YouTube site. The worm contacted him after stealing his pal's log-in credentials (from a cookie created by Facebook and stored on that person's computer), accessing the pal's Facebook account and sending out messages to the people that person had listed as friends.

At the bogus YouTube site, Ferguson was asked to install a file that would supposedly update his Adobe Flash Player. The file turned out to be a program that attempted to install the new Koobface variant (known as WORM_KOOBFACE.AZ). Ferguson and his Trend Micro colleagues studied the file and found that it was being made available by more than 300 computers around the world. (This is a common trick that hackers use: routing the malicious software through a large number of IP addresses makes it more difficult to trace its source back to them.)

Trend Micro found that Facebook wasn't the only social networking site to have been hit by Koobface. Variations of the phony message that Ferguson received were sent to users of 10 different sites, including Hi5, Friendster and MySpace. Trend Micro recommends that Web users ignore these messages and refrain from clicking on them (even out of curiosity). Fortunately, this latest incarnation of Koobface doesn't appear to be widespread. Trend Micro has only found 28 computers infected by it worldwide (26 in the U.S. and the other two in France).

It's been a rough several days for Facebook from a security perspective: Four hoax applications have surfaced on the site, in addition to the Koobface problem, BBC News reports. One of these malicious applications tries to trick people into adding it by claiming that their friends were having trouble looking at their profiles. If the application is added, it spams itself to every Facebook friend that a member of the site has, according to the BBC.

Facebook has tried to alleviate the problem of hackers targeting its members. In November, the company launched its application verification program, through which software developers could have their work inspected before it was added to the Facebook site. For their troubles (as well as a $375 fee), developers' software making the grade would receive a verification badge graphic as a symbol that the application was trustworthy and safe for members to use. Facebook's verification process is optional, but CNET in November reported that other social networks, including LinkedIn, require all apps to go through a verification process before they can go live.

Image ©iStockphoto.com/ Robert Creigh

Tags: Facebook, MySpace, Koobface, LinkedIn

2 Comments

  1. benjaminwright 10:11 PM 3/4/09

    My research documents reports of the Koobface worm infecting (or attempting to infect) workplace-related computers by way of Facebook. Employers/organizations thus have security as a reason to block social network sites. http://computersafety.wordpress.com/2009/01/19/security-threat-facebook-and-myspace-at-work/ --Ben

  2. dog1 06:45 PM 3/18/09

    What's science?
