8 Things You Probably Didn’t Know About KOOBFACE

The latest malware threats from across the security forums

Moderators: Admin Team, Moderators

User avatar
Spudz
Posts: 1856
Joined: Mon Jul 20, 2009 4:35 am
Area Of Expertise: General guidance and advice
experience: Not only can I turn PC on, I know most of its functions too
PC time: Alot more than I should
Location: Kent, UK
Contact:

8 Things You Probably Didn’t Know About KOOBFACE

Postby Spudz » Thu Oct 08, 2009 4:10 am

Oct7
8 Things You Probably Didn’t Know About KOOBFACE
9:31 pm (UTC-7) | by Ryan Flores (Advanced Threats Researcher)

You’ve probably read or heard about KOOBFACE malware propagating through social network sites such as Facebook, MySpace and Twitter. A lot of analysis is available online through blogs or malware descriptions. But I bet most of you probably still don’t know some or all of these things about KOOBFACE…

1. KOOBFACE knows: KOOBFACE has the capability to steal whatever information is available in your Facebook, Myspace or Twitter profile. Profile pages of these social networking sites may contain information about one’s contact details (address, email, phone), interests (hobbies, favorite things), affiliations (organizations, universities) and employment (employer, position, salary). So beware, KOOBFACE knows a lot!

2. KOOBFACE doesn’t just know you through your profile information, they also know what you look like!: Not only does the botnet steal profile information, it also makes sure to put a face to the name by getting one’s profile picture as well.

3. URLs leading to KOOBFACE malware are either in compromised or free web hosting sites: Yep, call them cheap. But the guys behind KOOBFACE are making good use of compromised and free web hosting sites in spamming KOOBFACE-related URLs. These URLs are spammed in social network sites with catch phrases like “funny video” which leads to a fake YouTube or Facebook site which then leads to KOOBFACE malware.

4. KOOBFACE zombies are made into web servers on top of being social network site spammers: KOOBFACE installs a web server component into infected machines which effectively makes the infected machine part of KOOBFACE’s malware distribution network. Infected machines serve fake YouTube or Facebook pages which then lead to the KOOBFACE malware.


http://blog.trendmicro.com/8-things-you ... -koobface/
Spam - Uninteresting garbage quickly deleted.
Spammer - A parasitic worm intent on creating internet misery.

Image

Return to “Latest Malware Threats”

Who is online

Users browsing this forum: No registered users and 1 guest