Koobface, a Facebook Worm
A worm, which they named Koobface (taken after Facebook I presume) is currently creating havoc among Facebook users. It is responsible for sending Facebook users malicious code that lets them download an .exe file containing the virus.
A deceiving e-mail reaches a Facebook user’s inbox. It has a very catchy subject of “You look funny in this new video”. The message contains a download link for the “video”. Once on the video site, a message says an update of Flash is needed before the video can be displayed. The viewer is prompted to open a file called flash_player.exe. An unsuspecting user will try to install the update, without him knowing that he was installing a virus or a worm.
If the viewer approves the Flash installation, Koobface attempts to download a program called tinyproxy.exe. This loads a proxy server called Security Accounts Manager (SamSs) the next time the computer boots up. Koobface then listens to traffic on TCP port 9090 and proxies all outgoing HTTP traffic. For example, a search performed on Google, Yahoo, MSN, or Live.com may be hijacked to other, lesser-known search sites. Cnet.com
Facebook says that they are currently doing solutions for this security issue. According to them, it has only affected a small percentage of Facebook users but if the threat continues, it might reach every Facebook user’s computer.
Koobface virus is like every computer threat, it is avoidable. It is highly advised not to open a suspicious link or any e-mail, especially if it’s from an unknown sender.
Recent Comments