Koobface – What is it really?

Here we explain what the Koobface worm actually is, how it works, how it infects a computer and, most importantly, how to avoid it. We also address many of the misconceptions associated with this type of malware.

In this article –
How does it spread?
How to avoid it.
Misconceptions about Koobface
Facebook Hoaxes and False Alerts

Malware is the broadest term available for malicious software. It can be further classified either by what it does on a victim’s computer (for example, spyware or a keylogger) or by the method by which it spreads and infects computers (such as a Trojan horse or scareware). Koobface is named for the way it spreads: via social networking websites such as Twitter, MySpace, Bebo and, specifically, Facebook. Koobface, as you are most likely aware, is an anagram of Facebook. Koobface is also considered a type of “worm” because of its self-replicating nature.

How exactly does it spread?

The principal way Koobface spreads is by posting messages that contain malicious links from a social networking account (such as a Facebook account) to all the contacts associated with that account (for example, the Facebook contact list). The links direct social networking users to external websites that will download Koobface onto their computers as well. Once installed, Koobface looks for evidence of social networking accounts on those computers and, once found, starts posting messages from those accounts. The process begins again, and the Koobface malware spreads virally.

This is the basic template, but how does Koobface get people to click on the malicious links, and how does it install itself once the potential victim visits the external website?

Koobface malware is designed to post links intended to bait Facebook users into clicking them, so many of the messages posted look like –

Check out this YouTube video of you….LINK

Essentially, anything that will arouse curiosity or intrigue in the Facebook user. The messages vary greatly, but remember they are purely designed to get people to click on them.

Once the link is clicked, the victim is commonly asked to download some sort of add-on to view the page/image/video correctly. One of the most common examples is requesting that victims download an extension to Adobe Flash Player in order to play a video. Once the user downloads this add-on, their computer is infected with Koobface and they will most likely notice unauthorised messages posting from their social networking accounts.

As we said before, the name Koobface refers to the way the software spreads through the Internet – via social networking sites. However, Koobface is installed directly onto a victim’s computer, meaning it has access to the computer’s file system. Koobface can theoretically come bundled with any other type of malicious software, including spyware, adware, key loggers or Trojan horses. Even though the Koobface aspect refers to the way it spreads, what Koobface can do once it infects a computer can vary.

Avoiding the Koobface Worm

To avoid getting infected with the Koobface worm, social networking users are recommended to use social networking sites carefully, much as they would to avoid other scams such as malicious applications or survey scams. This includes –

Suspicious Links – Be wary of suspicious links that you see posted on a social networking site. In Facebook this could mean links posted by your friends, sent to you via Facebook mail or Facebook chat, or links posted in groups. If ever in doubt whether a link is genuine or automatically generated, contact the person who posted it.

Run Up-to-Date Antivirus – Even though Koobface is a relatively new type of malware, it is still malware, meaning running up-to-date antivirus software should detect and remove the problem. There is no one way of removing the Koobface virus.

Don’t Install “updates” – If Facebook (or other social site) links take you to external websites, never install updates these sites try to get you to install. This is the classic method Koobface uses to trick victims into installing it.

Misconceptions about Koobface

Facebook Applications are not Koobface!

Many inaccurate reports and rumours lead many to believe that rogue Facebook applications themselves are Koobface worms. They’re not. Malware and Facebook applications are different things. Malware runs on a computer; Facebook applications run on a Facebook account. Whilst it is technically feasible for an application to infect a computer directly, this is extremely rare. What is more likely is that a rogue Facebook application will post malicious links from a Facebook account and those links will lead to external websites that will prompt Facebook users to download the Koobface worm.

Koobface is not a virus

Many people assume Koobface is a virus, but really it is a type of computer worm. Any self-replicating computer worm that spreads by infecting and posting from social networking accounts constitutes a variant of Koobface. This means that Koobface is not a single threat but takes on many different variants. Several main strains of Koobface have already been identified.

Koobface is not extremely malicious

Many online rumours claim Koobface is the “most dangerous virus ever” and that it can “destroy hard drives”, along with other extreme claims. Koobface is just a type of malware and is not more dangerous than other types of malware. Running antivirus software should be enough to remove Koobface infections, just like other types of malware.

Koobface Hoaxes and False Alerts

Koobface’s entrance into the media spotlight was quick and alarmist. Facebook users were surprised to learn that the newest type of malware was spreading via social networking sites, posting automatic links from infected accounts looking to trick other social networking users into installing it.

Because of this, hoaxers use the subject of Koobface to try to instil panic in other social networking users. Hoaxers know that creating a panic is the best way to get their false rumours to circulate further and faster.

Many hoaxes have circulated via social networking sites like Facebook regarding both misconceptions about Koobface and false and inaccurate Koobface alerts. Many hoaxes claim that a “Koobface virus” is circulating and that it can do things like “shut down computers” and “burn hard disks”. Such alerts are misleading and alarmist. There are many security websites (like Sophos) where genuine alerts are issued, so social networking users do not have to rely on rumours and hearsay circulating through the Internet.
Comments
smeegle says:
I removed the worm from my PC, but the games still were corrupted. I removed and re-installed the games and they were still corrupted. Any new games I installed worked fine. What did I miss?
posted on 04/01/11
tc says:
Stop installing pirated games.
posted on 05/15/11
AWL says:
So what to do? I have a Koobface virus and please help me!
posted on 07/22/11
CirClipS says:
Wow! That's pretty nonsense! "Koobface is not extremely malicious" How can you seriously say that? Is it because you think you're smart enough not to click on the fake link? Or because you don't know yet that Koobface is designed to spread widely, quickly, and dynamically, adapting itself, becoming able to download additional payloads and spread ways thanks to the whole cloud of infected computers?
posted on 07/25/11
CirClipS says:
AWL> You should follow these steps. Make sure you read the whole thing before going further.
1. Download any good and up-to-date anti-rootkit (#1) and antivir (#2) software ON A SAFE COMPUTER because Koobface affects some DNS entries to prevent you from doing that on your infected computer.
2. Burn (#1) and (#2) to CD/DVD (best option) or copy to USB Key.
3. Safe-boot your computer
4. Use (#1) to remove potential rootkits (read the doc for how-to)
5. Use (#2) to full-scan and clean your computer
6. Reboot and double-check everything is OK.
7. Enjoy and maybe say thanks
posted on 07/25/11
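Step 1 in CirClipS's list says Koobface tampers with DNS entries so that security tools cannot be downloaded on the infected machine. The following is an added example, not part of the original comment or article: a Python check that assumes the tampering shows up as hosts-file entries, with a watch list (`WATCHED`) and a sample file (`SAMPLE`) constructed for illustration.

```python
import ipaddress

# Assumed watch list (not from the article): sophos.com is the one vendor the
# article names; the second entry is a placeholder for vendors you rely on.
WATCHED = ("sophos.com", "av-vendor.example")

def parse_hosts(text):
    """Yield (line_no, ip, hostname) for each mapping in hosts-file text."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                            # malformed line, not a mapping
        for name in fields[1:]:
            yield line_no, ip, name.lower().rstrip(".")

def is_watched(host, watched=WATCHED):
    """True when host equals a watched domain or is a subdomain of it."""
    return any(host == d or host.endswith("." + d) for d in watched)

def audit_hosts(text, watched=WATCHED):
    """Return (line_no, host, ip, kind) for watched domains pinned in the file."""
    findings = []
    for line_no, ip, host in parse_hosts(text):
        if not is_watched(host, watched):
            continue
        # Loopback/unspecified blocks the site; any other address redirects it.
        kind = "blocked" if (ip.is_loopback or ip.is_unspecified) else "redirected"
        findings.append((line_no, host, str(ip), kind))
    return findings

# Constructed sample input, not taken from a real infected machine.
SAMPLE = """\
127.0.0.1   localhost
::1         localhost
127.0.0.1   www.sophos.com   # constructed entry
0.0.0.0     update.av-vendor.example
203.0.113.7 downloads.av-vendor.example
192.0.2.10  intranet.corp.example
127.0.0.1   notsophos.com
"""

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE):
        print(finding)
```

On a real machine, pass the contents of the system hosts file to `audit_hosts`; any finding means the name bypasses normal DNS resolution on that computer.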
DeltaSierra says:
How can you say that any malware is not extremely malicious? If packed alongside a back door or even a trojan horse, it can crash a system, run it as a zombie computer or just nick all ya saved information and cookies, which could be passwords for absolutely anything, credit/debit card information, etc.
posted on 11/08/11
DeltaSierra says:
And mate, if you wanna get rid of any virus/malware/rootkit/worm or whatever, and it's bugging you that much, then the best solution (IF NOTHING ELSE WORKS!!!!!) is wipe the machine and start from scratch again. P.S. Only to be done if there is no other way and living with the problem is hazardous or annoying.
posted on 11/08/11






