Video Screencast Help
Security Response

Koobface Turns the Other Cheek

Created: 15 Jul 2009 08:09:22 GMT • Updated: 23 Jan 2014 18:34:05 GMT
Hon Lau's picture
0 0 Votes
Login to vote

This is now getting a bit tedious but the Twitter and Koobface bandwagon just keeps on tumbling down the slippery slopes. Today there are many reports of yet another variant of Koobface doing the rounds through Twitter. The tweets doing the rounds contain the following messages:

  • My home video :)
  • Watch my new private video! LOL :)
  • michaeljackson' testament on youtube

I had a look for some of the hacked twitter accounts myself and found a few unfortunate souls whose accounts have been hijacked to spread this malware. Here's one example I have found below. Some of the TinyURLs are pointing to the AdultFriendFinder Web site; the one below is not responding but appears to be active.

imagebrowser image

Other URLs are directing users to a fake video Web site that contains the usual Codec-type social engineering trick to lure users into downloading and running the file.
Symantec detects this as W32.Koobface.C. The threat that it drops is detected as Antivirus2008. Given the redirects chosen by the attacker and also the threat that it drops, clearly the makers of Koobface are in the business of making money.

Twitter has taken action and suspended accounts that have been infected. To prevent your computer from becoming infected, be wary when clicking any links you receive in a tweet, even from your friends as this worm uses social engineering techniques in an attempt to infect your computer; that is once a user is infected it will send links to their followers and hence the link comes from someone you know. Make sure that you also regularly update your Symantec security software to catch the latest threats.