8 Things You Probably Didn’t Know About KOOBFACE
9:31 pm (UTC-7) | by Ryan Flores (Advanced Threats Researcher)
You’ve probably read or heard about KOOBFACE malware propagating through social network sites such as Facebook, MySpace and Twitter. A lot of analysis is available online through blogs or malware descriptions. But I bet most of you probably still don’t know some or all of these things about KOOBFACE…
1. KOOBFACE knows: KOOBFACE has the capability to steal whatever information is available in your Facebook, Myspace or Twitter profile. Profile pages of these social networking sites may contain information about one’s contact details (address, email, phone), interests (hobbies, favorite things), affiliations (organizations, universities) and employment (employer, position, salary). So beware, KOOBFACE knows a lot!
2. KOOBFACE doesn’t just know you through your profile information, they also know what you look like!: Not only does the botnet steal profile information, it also makes sure to put a face to the name by getting one’s profile picture as well.
3. URLs leading to KOOBFACE malware are either in compromised or free web hosting sites: Yep, call them cheap. But the guys behind KOOBFACE are making good use of compromised and free web hosting sites in spamming KOOBFACE-related URLs. These URLs are spammed in social network sites with catch phrases like “funny video” which leads to a fake YouTube or Facebook site which then leads to KOOBFACE malware.
4. KOOBFACE zombies are made into web servers on top of being social network site spammers: KOOBFACE installs a web server component into infected machines which effectively makes the infected machine part of KOOBFACE’s malware distribution network. Infected machines serve fake YouTube or Facebook pages which then lead to the KOOBFACE malware.
http://blog.trendmicro.com/8-things-you ... -koobface/