The Koobface gang has been keeping themselves busy of late. Like Santa's little elves, they’re beavering away, creating and checking their fake Facebook and YouTube video sites and packin' it (the worm, that is) twice. The latest campaign involves posting messages on Facebook profiles, which link to either to fake video pages or a fake Facebook page. Either way you will be offered a file named setup.exe, which may be presented as a Flash Player upgrade or some kind of free antivirus to protect you from Koobface.
The lure is put forth in compromised or bogus Facebook postings. The text is largely the same, though the messages appear with duplicate letters in various parts of the posts. For example:
• I caan't ffall asleepp affter viewwing thiss videeo. I haven'tt seenn aanything liike this
• I can''t falll aslleep aftter viiewing thhis vvideo. I havven't seeen aanything likee...