May 15th, 2009
56th variant of the Koobface worm detected
Researchers from PandaLabs are reporting on the detection of the 56th variant of the Koobface worm (Boface.BJ.worm), spreading across Facebook, Tagged, Friendster, MySpace, MyYearBook, Fubar.com, Hi5 and Bebo since May, 2008.
According to the company, the growth of Koobface related infections is as high as 1,200% since the first time it was detected over an year ago, where almost 40% of the infections based in the U.S, with the growth trend also confirmed by Microsoft’s Malware Protection Center.
What the cybercriminals have changed this time is the template, the use of an Ukrainian web site hosting service, and the “missing” fake codec, which upon execution is not only converting the infected PC into a hosting provider part of the campaign, but is also pushing scareware, liveantimalwareproscanner .com and live-antimalware-scanner .com in particular.
Despite the ongoing industry collaboration, and with MySpace already declaring victory over Koobface, the persistence of the malware gang using social engineering tactics, typosquatting of social networking domains, and their outsourcing of the CAPTCHA breaking process aimed to slow down automated abuse of the sites, makes Koobface a success story (see sample statistics) that you should keep an eye on.
Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, malware and cybercrime incident response. He's been an active security blogger since 2007, and maintains a popular security blog. See his full profile and disclosure of his industry affiliations.
Subscribe to Zero Day via Email alerts or RSS.
