Wednesday, July 10, 2013

Spotlight On Malware: The Koobface Worm

For today's blog post, we will be talking about a worm that first appeared in 2008 and has never really left, as new variants are constantly being released.

Koobface is a multi-platform computer worm that spreads primarily via social networks such as Facebook (its name being an anagram of Facebook), Twitter, Friendster, and MySpace, as well as other then-popular social networks. By multi-platform, I mean that Koobface is designed to infect Windows, Mac OS X, and Linux.

Upon successful infection, Koobface ultimately attempts to gather login information for websites and programs that require passwords, such as social networks and programs like Skype. Strangely, it does not attempt to gather sensitive financial information. It then uses the infected computers to build a peer-to-peer botnet: an infected computer contacts other infected computers to receive commands in a peer-to-peer fashion. The botnet is used to install pay-per-install malware as well as to hijack search results to display advertisements.

Koobface originally spread by delivering Facebook messages to people who are friends of a Facebook user whose computer has already been infected. The message directs the recipient to a third-party website, where they are prompted to download what is purported to be an update to Adobe Flash Player. If they download and execute the file, Koobface infects their computer.
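A detection sketch for the delivery chain described above, added here as an example and not taken from the original post: it scans web-proxy log lines for a Flash-named installer fetched from a non-Adobe host shortly after a click-through from a social network. The log layout, the domain lists, the file extensions and the 10-minute window are assumptions, and the sample lines are constructed.

```python
from urllib.parse import urlsplit

# Assumptions for this sketch, not values from the post.
SOCIAL = ("facebook.com", "twitter.com", "friendster.com", "myspace.com")
VENDOR = ("adobe.com", "macromedia.com")  # assumed legitimate Flash sources
EXEC_EXT = (".exe", ".dmg", ".pkg", ".deb", ".rpm")
WINDOW = 600  # max seconds between the social-network click and the download

# Constructed sample; assumed layout: epoch_seconds client referrer_url url
SAMPLE_LOG = [
    "1000 10.0.0.5 http://www.facebook.com/messages http://video.example.test/watch",
    "1030 10.0.0.5 http://video.example.test/watch http://video.example.test/flash_update.exe",
    "1100 10.0.0.7 - http://get.adobe.com/flashplayer/install_flash_player.exe",
    "1200 10.0.0.9 http://files.example.test/ http://files.example.test/flash_setup.exe",
    "5000 10.0.0.5 http://video.example.test/watch http://video.example.test/flash_update.exe",
]


def in_domains(host, domains):
    """True if host equals one of the domains or is a subdomain of it."""
    host = (host or "").lower()
    return any(host == d or host.endswith("." + d) for d in domains)


def flag_fake_flash_downloads(lines):
    """Return (client, url) pairs where a 'Flash' installer was fetched from a
    non-vendor host within WINDOW seconds of a social-network click-through."""
    landings = {}  # (client, landing host) -> time of the click-through
    hits = []
    for line in lines:
        ts, client, referrer, url = line.split()
        ts = int(ts)
        ref_host = urlsplit(referrer).hostname  # None when referrer is "-"
        target = urlsplit(url)
        host = target.hostname
        # Remember third-party hosts reached from a social-network page.
        if in_domains(ref_host, SOCIAL) and not in_domains(host, SOCIAL):
            landings[(client, host)] = ts
        name = target.path.rsplit("/", 1)[-1].lower()
        is_installer = "flash" in name and name.endswith(EXEC_EXT)
        if is_installer and not in_domains(host, VENDOR):
            # Tie the download to a landing page this client just visited.
            clicked = landings.get((client, ref_host), landings.get((client, host)))
            if clicked is not None and ts - clicked <= WINDOW:
                hits.append((client, url))
    return hits


if __name__ == "__main__":
    print(flag_fake_flash_downloads(SAMPLE_LOG))
```

Only the second sample line is flagged: the vendor download, the download with no preceding social-network click, and the repeat outside the time window are ignored.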

Koobface can then commandeer the computer's search engine use and direct it to infected websites.

Among the components downloaded by Koobface are a DNS filter program that blocks access to well-known security websites and a proxy tool that allows the attackers to abuse the infected computer.

It is worth noting that Koobface has inspired quite a few hoaxes across social networking websites, mainly Facebook. These hoaxes claim, among other things, that accepting hackers as Facebook friends will download Koobface onto your computer. These hoaxes are untrue, and some are even inspired by earlier fake virus hoaxes that remain false.

Thank you for reading. I invite users to comment with any questions or comments. And if you were at one point infected with Koobface, you can also share your story.
