Another Look at Koobface: How It Infects Facebook Users

by Aryeh Goretsky Distinguished Researcher

April 21, 2010 at 12:28 pm

Earlier this month, we reported on the massive new Koobface campaign making the rounds through Facebook and how it tricked users into downloading and running it through that tenet of social engineering, the fake codec. We now have a video showing how the Koobface worm tricks users into running it:

NOTE: The audio is not completely synced up with the actions in the video, so it is best to watch the video in its entirety to see what actions the worm peforms on the infected computer.

For more information about the Koobface worm, I refer you to our earlier blog entries, "What is Koobface?" as well as these descriptions of earlier versions of the worm from the ESET Threat Encyclopedia: Win32/Koobface.NBH and Win32/Koobface.NCF. A special thanks goes out to ESET's Training Department, for their assistance with both the voice-over and with the editing of the video.

Regards,

Aryeh Goretsky, MVP, ZCSE

Distinguished Researcher

This entry was posted on Tuesday, April 20th, 2010 at 1:15 pm and is filed under Adobe, Aryeh Goretsky, Botnet, browser security, codec, ESET Research Team, ESET video, Facebook, fake anti-malware; fake software, Fake updates, FireFox, Flash, Koobface, malicious links, Malicious URLs, Malware, rogue antimalware, Rogue AV, Social Engineering, social networking, Trojan, Trojan downloader, virus, Web 2.0, Worm. You can follow any responses to this entry through the RSS 2.0 feed. You can skip to the end and leave a response. Pinging is currently not allowed.

Share |

Subscribe by Email

Blog Search

Another Look at Koobface: How It Infects Facebook Users

Leave a Reply