Earlier this month, we reported on the massive new Koobface campaign making the rounds through Facebook and how it tricked users into downloading and running it through that tenet of social engineering, the fake codec. We now have a video showing how the Koobface worm tricks users into running it:

NOTE: The audio is not completely synced up with the actions in the video, so it is best to watch the video in its entirety to see what actions the worm peforms on the infected computer.

For more information about the Koobface worm, I refer you to our earlier blog entries, "What is Koobface?" as well as these descriptions of earlier versions of the worm from the ESET Threat Encyclopedia: Win32/Koobface.NBH and Win32/Koobface.NCF. A special thanks goes out to ESET's Training Department, for their assistance with both the voice-over and with the editing of the video.

Regards,

Aryeh Goretsky, MVP, ZCSE

Distinguished Researcher