
Koobface, I'm So Unfriending You

The loser creators of the Koobface worm apparently aren't satisfied with their glorious "accomplishments" on social networking giant Facebook. According to InternetNews.com's Richard Adhikari, they're spreading the love:
A new variant of the Koobface worm (has) widened its attack to include MySpace, Bebo, Friendster and MyYearbook, according to Jamz Yaneza, threat research manager at antivirus vendor Trend Micro.

The new variant, which Trend Micro calls Worm_Koobface.AZ, proliferates via e-mail to potential victims on social networking sites. The virus steals cookies from victims' Web browsers, giving them access to users' preferences, and, in some cases, passwords, Yaneza told InternetNews.com.

No big problem if that's as far as it goes, for as Yaneza explains, the social networking browser cookies on users' computers are encrypted. But "Koobface sends these cookies to a hacker-controlled Web site, where they try to decrypt the cookies," Adhikari writes.

Yaneza tells inews that once the hackers decrypt the cookies:
"[T]he worm can masquerade as the user, then send links to the user's friends that will take them to sites containing malware."
Not sure if this means the hackers are becoming more clever or just lazy, but:
The approach takes hackers beyond the need to design Facebook applications that target victims, as they did recently in the "Error Check System" attack, Yaneza said. While such apps can spread quickly by disguising themselves as communications from friends, social networking sites can disable and block them with relative ease.
None of the socnet sites being targeted are reporting any problems with the Koobface variant so far (of course, would they really want to report that unless they had no choice?). Good thing, too, because it is a bear to get rid of:
The worm, which Trend Micro said runs on Microsoft Windows 98, ME, NT, 2000, XP and Windows Server 2003, digs in by launching a rootkit attack, moving deep into the operating system of the victim's computer and resisting attempts to remove it, according to Roger Thompson of anti-virus vendor AVG.

"If it's hiding in a particular directory and an antivirus application browses that directory, it removes itself from the list of files returned to the antivirus software," he said.

If you're a socnet member, here's what to be on the lookout for in your email:

  • Messages urging you to get the new Adobe.
  • Links to a video seemingly sent by a socnet friend (details from Trend Micro here) with messages such as "You look just awesome in this new movie."

Trend Micro reports that Koobface looks for cookies from the following socnet sites:

  • facebook.com
  • hi5.com
  • friendster.com
  • myyearbook.com
  • myspace.com
  • bebo.com
  • tagged.com
  • netlog.com
  • fubar.com
  • livejournal.com
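
If a machine has been hit, that list tells you which logins to treat as exposed. The script below is an added example, not code from Trend Micro or from this post: it assumes the browser's cookies have been exported in the Netscape cookies.txt format (the sample jar and cookie names are constructed) and reports which of the listed sites have stored cookies, so those sessions can be logged out and the passwords changed.

```python
# Added example: the site list comes from the article; the cookie jar is constructed.
TARGETED_SITES = (
    "facebook.com", "hi5.com", "friendster.com", "myyearbook.com",
    "myspace.com", "bebo.com", "tagged.com", "netlog.com",
    "fubar.com", "livejournal.com",
)

def targeted_site(cookie_domain):
    """Return the listed site a cookie domain belongs to, or None."""
    host = cookie_domain.lower().lstrip(".")
    for site in TARGETED_SITES:
        # Match the site itself or a subdomain, never a look-alike suffix.
        if host == site or host.endswith("." + site):
            return site
    return None

def exposed_sessions(cookie_jar_text):
    """Map each targeted site to the names of the cookies stored for it."""
    exposed = {}
    for line in cookie_jar_text.splitlines():
        if line.startswith("#HttpOnly_"):
            # Export convention for HttpOnly cookies: strip the prefix, keep the entry.
            line = line[len("#HttpOnly_"):]
        elif not line.strip() or line.startswith("#"):
            continue  # blank line or comment
        fields = line.split("\t")
        if len(fields) != 7:
            continue  # not a well-formed cookie entry
        site = targeted_site(fields[0])
        if site:
            exposed.setdefault(site, []).append(fields[5])
    return exposed

# Constructed sample: domain, subdomain flag, path, secure, expiry, name, value.
SAMPLE_JAR = "\n".join([
    "# Netscape HTTP Cookie File",
    ".facebook.com\tTRUE\t/\tFALSE\t1250000000\tsession_a\tconstructed-1",
    "#HttpOnly_www.myspace.com\tFALSE\t/\tFALSE\t1250000000\tsession_b\tconstructed-2",
    "notfacebook.com\tFALSE\t/\tFALSE\t1250000000\tlookalike\tconstructed-3",
    ".example.org\tTRUE\t/\tFALSE\t1250000000\tother\tconstructed-4",
])

if __name__ == "__main__":
    for site, names in sorted(exposed_sessions(SAMPLE_JAR).items()):
        print(site, names)
```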
