Dec 5, 2008 03:27 PM | 16
The "Koobface" software worm tormenting Facebook and MySpace users is still going strong, prompting them to download bogus software that infects their computers, sends spam out to their friends and allows hackers to redirect their Web searches.
The worm is activated when a person logs into his or her Facebook or MySpace account, creating and sending spam messages to listed friends via the Facebook or MySpace sites. The messages and comments include sophisticated fare such as "Paris Hilton Tosses Dwarf On The Street" and "My friend catched [sic] you on hidden cam" as well as a purported link to a video of the advertised content, according to security software maker Kaspersky Lab, based in Woburn, Mass. Clicking on that link delivers a message telling the user to download the latest version of Flash Player.
Instead of getting the latest player, though, the user gets software that spies on their actions, scanning all HTTP traffic, "in particular looking for traffic to Google, Yahoo!, MSN, and Live.com for the purpose of hijacking search results," Craig Schmugar, a security researcher for antivirus maker McAfee, Inc., wrote earlier this week on his blog. Translation: the Web traffic is diverted to other Web sites to pad their traffic results.
The outbreak has prompted a discussion thread of 194 Facebook users, since August 24, relating their experiences with Koobface. A user named Erin today posted to the thread stating that she was hit by the worm, "and I am HORRIFIED! It says something about seeing you posing naked and has some geocities link..."
User "Dale" described how the worm works. He wrote that he received a message from a Facebook friend saying, "I saw this video of you etc. It diverted me to a site that looked like youtube. It then stated my video player was out of date and to upgrade it. The moment I did and installed the file, FB began automatically sending messgaes [sic] to my contacts before my eyes."
Kaspersky in July reported having found two variants of the Koobface worm, Net-Worm.Win32.Koobface.a and Net-Worm.Win32.Koobface.b, which attack MySpace and Facebook, respectively. The threat, Kaspersky reported, was that the worm could unleash malicious software that allowed a hacker to take remote control of your PC, turning it into a "zombie" and using it as a launching point to attack other computers.
Facebook says on its site that it is helping users deal with Koobface and phishing sites. Its advice: that users scan their computer for viruses and reset their passwords if their Facebook accounts were recently used to spit out spam.
Facebook rep Barry Schnitt told CNET that "only a very small percentage of Facebook users have been affected" and that the company is updating security to limit damage and block future breaches.
This attack comes just weeks after a federal court ordered Canadian spammer Adam Guerbuez to pay Facebook $873 million for falsely obtaining login information for Facebook users and then sending spam to those users' friends.
16 Comments
Huh. Funny, the virus doesn't seem to work on my Apple... :)
I think maybe you just challenged these idiots who infect our computers to see why this worm virus doesn't attack your Apple. I would think he's thinking well let me just see what I can do about that. Not so funny.. HUH :(
Funny? Maybe you just didn't get the virus!
Sooo maybe you just gave these idiots infecting our computers an idea... Like maybe he will start working on the problem as to why his virus doesn't work on an Apple.... HUH ...not so funny :(
Huh. Funny, the virus doesn't seem to work on my PC. Then again, I'm not an idiot ;-)
Don't worry, if enough stooges buy Macs to make it worthwhile to write viruses for them, they will come. Right now no one is interested in going after just 5% of the computer base.
I guess everyone got my point. I picked up that virus and it was a nightmare getting rid of it and repairing my computer. I just thought that was a little on the arrogant side bragging about how his Apple was immune to the virus and possibly bringing unwanted attention to other Apple users. I'm thinking these people who create these things just might step up their efforts to getting at those Apple users out there.
The security/hacking community (yes, a lot of hackers are security professionals, and vice versa) is in good standing with Apple Macintosh....for the moment, and as long as they don't pull another dfcon-Las Vegas no show. The security/hacking community is quickly transforming from individual users to large corporations hacking and assembling viruses/worms etc...they have a lot to gain from spyware and hacking, just look at Sony's DRM rootkit that maliciously installs itself, without your consent/notification, takes screenshots and* keylogs, scans your ports for traffic (HTTP, UDP, TCP/IP etc...) and infects other computers on a network. There's a criminal investigation going on about it; however, it's been unable to prosecute on grounds of "definition" of what malicious software (worms, viruses, trojans etc.) are. However, I feel that the only thing that makes this rootkit legitimate is that a multinational corporation put it on over 1 million computers, and not a criminal organization. Here's some reading on corporate espionage:
http://www.schneier.com/blog/archives/2005/11/sonys_drm_rootk.html
http://en.wikinews.org/wiki/Sony_faces_class_action_lawsuits_for_DRM
http://en.wikipedia.org/wiki/2005_Sony_BMG_CD_copy_protection_scandal
How Sony's DRM rootkit relates to this article is that the Koobface worm is being used to bolster the number of visitors to a legitimate website, thereby making more money because advertisers will pay exponentially larger amounts to a website that has every MySpace/Facebook user visit it. We're talking thousands, possibly hundreds of thousands of dollars in a short amount of time, IF* the entire userbase of MySpace/Facebook were to visit those sites. Luckily the worm was built like crap and it got detected, for they would have got exactly what they were after if the assemblers (people who make malicious software) were as good as EA or Sony's.
I just have one thing to say. Why viruses on MySpace and Facebook? They are more social websites, why not attack actual businesses or money wiring companies? At least there is money in those.... Yeah I know I know I am just handing out ideas but seriously think about it.... Why waste time on minor things?
Actually, that's where the money is at. It's hard, *really* hard to hack an established financial institution on the net; assuming they have half a clue about internet security and you're not working on the inside.
This is the same reason the internet is now spewing with advertising, it's a quick and dirty way to make money, a lot less traceable, a lot easier to launder and frankly the authorities don't care if people are forced to stare at a few ads because of a virus (or greedy corporation... what's the difference really?). The genius part is if the worm can propagate properly, those few ads can be viewed by potentially millions of people belonging to a targeted demographic (i.e. online social networking), which adds up to 10's or 100's of millions of ad views. If the advertiser wants to give you 0.5 cents per ad view, the worm author can earn $50000 in a few weeks while kicking back and letting their creation do its job, with the assistance of ignorant computer users. Apple-mac *cough* *cough*.
And who wants to hunt down a fat single man living in his mother's basement in a slumtown area of China over that?
Not the police in my country!
Hackersarefunny, you are absolutely right: why waste time when there is a bigger one to hack, on big companies, banks etc.... Why on Facebook or MySpace etc....? Some people need to communicate with their families and friends worldwide; they want to have fun, especially people abroad who miss their loved ones. Who wants to hack a poor family, or someone who does not even have a job, just to ruin their computer? It's so dumb...
(Note: I realized that I wrote in a previous post TCP/IP as a protocol along with UDP and others, when in fact it is the primary standard to which other internet protocols conform)
Actually, it's not as hard to hack a bank as you would imagine, dan-e. In fact it happens routinely, more so than people suspect. Typically it happens for a legitimate purpose, like the bank has hired a pentesting (penetration testing) company to check their security and the company finds a flaw in a new update or bank personnel not exercising protocols correctly. Not every time does a hacker access bank account information or authorization to transfer money, but the more rare case when they can they can exactly make themselves rich just by putting money into a Swiss because of red tape and paperwork...it takes 3 days and a personal confirmation. Additionally, getting away with it is the hard part, since an ISP can narrow down the attacking system on a network via nodes (the box that branches cable/phone line to your house) and even packet routing through other computers can be traced that way.
*Correction* Can't exactly make themselves rich, getting through protocol to transfer enough money to make said felony worthwhile would be a b*tch.
As far as why attack MySpace/Facebook...like I already stated it's about advertising. Most all black hat hackers would not usually try to hack a bank unless they were to do it from another unsecured location with no connection to them. So where else could they put their skills to use to make money? Ambush advertising. It's a system just like the one that feeds paparazzi...paparazzi take pictures for magazines, people see those and become compelled to buy the magazine. In this case there are no stars or pictures, the assembler (virus writer) simply forces people to 'buy the magazine'... In other words, forces them to go to other websites and look at the contents, and all the while said hacker is making money. But more often than not, cases like this are not some loser in his basement with no formal IT education, it's a corporation or group of men that stand to make money off the ambush advertising. Doing it themselves effectively cuts out any middle man that could pose a risk and saves them money by not having to pay him.
In the fiscal year of 2008, $1 TRILLION USD was racked up in stolen information and damage repairs collectively among leading countries due to cybercrime.
http://news.cnet.com/8301-1009_3-10152246-83.html
I know this is an old thread but this virus is new to me. I have been doing some reading and came across this thread and wanted to let you know, it is still alive and well. I was hit with it today i.e. the phone website etc. but my Norton caught it before it self-installed.