Monday, March 2, 2009

Blog: Koobface Variant Spreading Through Social Networking Sites

SANS NewsBites vol. 11 Num. 17 (3/3/2008)

Koobface Variant Spreading Through Social Networking Sites (March 2, 2009)

A variant of the Koobface worm has been spreading through social networking communities such as Facebook and MySpace. The malware spreads by sending messages that appear to come from friends, asking them to click on a link to watch a video. When the users reach the malicious website, they receive a message that they need to install an Adobe Flash plug-in to view the clip properly. If they agree to install the plug-in, a Trojan horse program is installed on the computer instead, giving attackers control over the machine. This Koobface variant also sends out invitations to watch the bogus clip to contacts through the social networking account. In addition, two rogue Facebook applications have been attempting to steal user data.

http://voices.washingtonpost.com/securityfix/2009/03/koobface_worm_resurfaces_on_fa.html

[Editor's Note (Skoudis): Get used to this. I think we'll see a steady stream of these kinds of stories with malware propagating via social networking contacts throughout the next few years. And, given the increasingly flexible APIs the social network sites are implementing, bad guys will be able to mine this information for attacks far more effectively.]

No comments:

Blog Archive