Koobface Gives Social Networking Users The Blues

A recent menace has been harvesting itself in social networking domains such as Facebook, MySpace, hi5, Bebo, Friendster and Twitter etc. The worm, codenamed Koobface, spreads by sending spam to contacts containing a catchy message with a link to a “video.

Clicking the link will redirect the user to a website designed to mimic YouTube (but is actually named YuoTube ), which asks the user to install an executable (.EXE) file to be able to watch the video The .EXE file is, however, not the actual KOOBFACE malware but a downloader of KOOBFACE components.

Upon execution of the .exe file displays an error message but in fact drops and executes a copy of itself from the Windows system directory.

• Once infected users machines can be used to distribute additional malware, generate ‘pay per click’ advertising revenue, steal sensitive data, break CAPTCHAs, and subvert
  the affected user’s online experience. The name KOOBFACE is an anagram of FACEBOOK.

In view of rapid propagation and emergence of the KOOBFACE WORM, users are advised to implement the following counter measures :

• Delete files, registry keys added by the worm.
• Excise caution when opening attachments and accepting file transfers.
• Excise caution when clicking on links to web pages.
• Install and maintain updated anti-virus software at gateway and desktop level.
• Keep up-to-date patches and fixes on the operating system and application software.
• Install and maintain Desktop Firewall and block the ports which are not required