Posts tagged as:

worm

Facebook Names Koobface Gang Members Publicly

January 17, 2012

Facebook frustrated by the lack of law enforcement action against the members of the Koobface gang decided to name them publicly.

After an investigation by Facebook and several independent security researchers, the gang behind Koobface have reportedly been named as a group of Russians operating relatively openly in central St Petersburg.

The gang made millions of dollars with the notorious Koobface worm, through various online schemes, and they were living luxuriously despite their identities being known to Facebook, independent computer security researchers, and law enforcement officials.

The Koobface worm (it’s name is the anagram of “Facebook”) first emerged in 2008 and spread itself by sending fake links to funny or sexy videos on Facebook and other social networks. Users who clicked on the link were told to update their Adobe Flash plugin, which was in fact the Koobface malware. The software then took control of their computer and recruited into a “botnet”. The global network of computers controlled by the Koobface gang was then bombarded with advertisements for fake antivirus software. Even the victims’ Google searches were reportedly hijacked to deliver traffic to crooked websites.

Security firm Kaspersky Lab estimates that the botnet comprised up to 800,000 computers at its height in 2010. The gang amassed $2m through various scams between June 2009 and June 2010, according to a report by internet security academics.

Facebook said it banished the Koobface worm in March last year after aggressive countermeasures prompted the gang to give up targeting the site. However, the gang is said to be still targeting smaller services.

“We know the gang’s names, their phone numbers, where their office is, what they look like, what cars they drive, even their mobile phone numbers,” said Graham Cluley of Sophos. “Now we have to wait and see what, if any, action the authorities will take against the Koobface gang.”

In certain countries like Russia, it is hard for alleged cyber criminals to be charged.

Check out the link if you want to know security experts followed the trials of the suspected Koobface gang members: The Koobface malware gang – exposed!

{ 0 comments }

KoobFace Strikes Facebook Again

December 1, 2009

Websense Security Labs ThreatSeeker Network has discovered that the KoobFace malware campaign is now using a Christmas theme. This is not the first time the Koobface worm has infected social newtork sites.

The Koobface website offors a video posted by ‘SantA’ with the usual ruse of requiring a codec to watch the video is used to encourage the user to install and run a setup file. This file is currently detected by 16 out of 41 products, according to Virus Total.

The user on the compromised facebook page is presented with alink to a compromised site in switzerland. The user is redirected to one of the several Koobface websites through a malicious flash video file hosted on the compromised site.

If the user runs the infected file, the worm will automatically login to their Facebook, MySpace, and several other social networking sites and send messages to all their friends.

So be wary of this new worm with a Christmas theme, least it doesn’t make you and your pc merry this Christmas.

{ 0 comments }

New Facebook Worm On The Crawl

November 25, 2009

According to security researchers, some Facebook users have been recently infected with a worm after clicking on an image of a scantily clad woman, which then redirects the victims to a pornography site.

The worm posts an image on a victim’s Facebook Wall with a photo of a woman in a bikini and the message “click ‘da button, baby.”

Since wall posts are viewable by a Facebook user’s friends, if a friend clicks on the image and is logged into Facebook, the image is then posted to their own Wall. Their Web browser will then open a Web page with a larger version of the same image. A further click on “da button” redirects the friend to a pornography site, according to Roger Thompson chief research officer for antivirus vendor AVG Technologies.

Most likely the creators are earning money by directing referrals to the site.

Researchers aren’t quite sure exactly how the worm works but believe it may be a cross-site request forgery attack (CSRF) or a clickjacking attack or a mix of both.

Facebook warned its users not to click on suspicious links, though it will be hard enough to identify infected links given the monstrous amount of  Wall postings including graphics, applications, audio, video and other posts that usually appear all over on a Facebook profile wall.

So, surf safe and as you have got a vague idea of what the infected link will look like, yes a “bikini clad video” link, do your part by staying away from links posted through unknown source or strangers and remove the above said link if it ever comes up on our profile before it goes on a fission reaction and hope that some remedy will come out fast to tackle this thing.

Source: [ pcworld ]

{ 1 comment }