Facebook is warning users of a new Koobface virus that is spreading on the social networking site. The social Web site has 120 million users who are vulnerable to the spreading malware. The virus was first detected in early 2008.
Facebook Inc. is warning users that a worm is responsible for sending malicious code on the social networking site. The virus is called Koobface and is spreading fast. The offending malware is sent via e-mail or by online message.
The message says “You look just awesome in this new movie” which entices the user to click on a YouTube link. Facebook users are trusting the messages because they were added to their list of friends on the social Web site.
When the user clicks on the YouTube link, they are directed to a video that doesn’t play. Instead, the user is prompted to update to a newer version of Flash. This is how the Koobface virus spreads. The malware file is called flash_player.exe and should be avoided at all costs.
If the user approves the malware installation, via the fake Adobe Flash update, Koobface will download a program called tinyproxy.exe. This file loads a proxy server called Security Accounts Manager which runs the next time the PC boots up. Upon boot-up, Koobface will load and then listen to traffic on TCP port 9090. It will also listen to all outgoing HTTP traffic from Internet Web browsers.
Koobface attempts to hijack the Internet Web browser. For instance, if a user performs a search on Google, Yahoo, MSN, or Live, the browser will be redirected elsewhere.
McAfee Avert Labs stated on its Web site that Koobface only strikes social networking Web sites. The worm was first reported in August 2008. The virus was first detected on the Internet in early 2008.
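The host indicators described above (flash_player.exe, tinyproxy.exe, the "Security Accounts Manager" name and a listener on TCP port 9090) can be turned into a simple triage check. The following is an added example, not code from the article or from McAfee; the sample netstat lines, PIDs and paths are constructed, and it assumes the proxy registers under "Security Accounts Manager" as a service display name (on Windows the genuine service of that name runs in lsass.exe).

```python
import re

# Indicators taken from the article text.
INDICATOR_FILES = {"flash_player.exe", "tinyproxy.exe"}
PROXY_PORT = 9090
MASQUERADE_NAME = "security accounts manager"

# Constructed sample data (PIDs and paths are made up for this example).
SAMPLE_NETSTAT = """\
  TCP    0.0.0.0:135      0.0.0.0:0      LISTENING    884
  TCP    0.0.0.0:9090     0.0.0.0:0      LISTENING    2316
  TCP    10.0.0.5:49712   10.0.0.9:9090  ESTABLISHED  4120
"""
SAMPLE_PROCESSES = {
    884: r"C:\Windows\System32\svchost.exe",
    2316: r"C:\Program Files\tinyproxy\tinyproxy.exe",
    4120: r"C:\Program Files\Browser\browser.exe",
}
SAMPLE_SERVICES = {
    "Security Accounts Manager": r"C:\Program Files\tinyproxy\tinyproxy.exe",
    "Print Spooler": r"C:\Windows\System32\spoolsv.exe",
}

LISTEN_RE = re.compile(r"^\s*TCP\s+\S+:(\d+)\s+\S+\s+LISTENING\s+(\d+)\s*$")

def basename(path):
    """Lower-cased file name of a Windows or POSIX style path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def listeners(netstat_text):
    """Yield (port, pid) for each TCP socket in LISTENING state."""
    for line in netstat_text.splitlines():
        m = LISTEN_RE.match(line)
        if m:
            yield int(m.group(1)), int(m.group(2))

def triage(netstat_text, processes, services):
    """Return (kind, id, image) findings for the indicators the article names."""
    findings = []
    for port, pid in listeners(netstat_text):
        if port == PROXY_PORT:  # local listener only, not outbound connections
            findings.append(("listener-9090", pid, processes.get(pid, "<unknown>")))
    for pid, image in processes.items():
        if basename(image) in INDICATOR_FILES:
            findings.append(("indicator-filename", pid, image))
    for name, image in services.items():
        # The genuine service of this name is hosted by lsass.exe.
        if name.lower() == MASQUERADE_NAME and basename(image) != "lsass.exe":
            findings.append(("service-masquerade", name, image))
    return findings
```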