Some say a leopard can't change its spots. That may be true, but malware is a totally different animal.
Koobface, arguably the most notorious piece of malware targeting Facebook, has stopped using the social network to spread, according to research from security firm FireEye. An anagram of Facebook, Koobface was first detected in 2008. In 2009, a more robust version appeared, and variants have been seen targeting a number of social networks including MySpace, Twitter and hi5.
But according to FireEye security researcher Atif Mushtaq, Koobface has now lost interest in Facebook, despite -- or perhaps because of -- its popularity with millions of people around the world. It has been roughly two months since the company saw Koobface trying to pollute Facebook, he blogged. “All of a sudden, we saw bot herders are no longer instructing zombies to post fake messages to compromised Facebook accounts,” he wrote. “Our first impression was that it's just a temporary move but a continued silence for about two months is not something that can be ignored.”
The change follows a November 2010 report by the Information Warfare Monitor (IWM) that revealed how the gang behind Koobface made more than $2 million between June 2009 and June 2010 through pay-per-click and pay-per-install affiliate programs.
In the past, the malware typically spread on Facebook using shortened URLs that would direct users to a fake YouTube video that asked them to install a fake codec so they could watch the video. Those who were duped into installing the file would be compromised, and the cycle of link postings and infections would continue.
Mushtaq speculated that Koobface dropped Facebook as an attack vector because the attacks were drawing too much attention. “By not using Facebook as its primary infection vector, Koobface will make Facebook lose interest in it, one less enemy,” he blogged. “I have no doubt that the guys behind Koobface are using other channels to spread their creations like pay per install, exploit kits and most recently torrents.”

