Facebook Virus “Koobface” Spreads Holiday Cheer


Myspacers have been dealing with identity theft scams for years, but now there’s mounting evidence that hackers are targeting Myspace’s more mature brother, Facebook. According to a Reuters wire story, a virus known as “Koobface” has been making the rounds using the Facebook messaging system.

How Does it Work?

Users are typically told that they “look awesome in this new movie” that the sender has uploaded, and are redirected to a site that in turn asks them to install a bogus Adobe Flash player update. If the user decides to take the bait, the Koobface virus is instantly installed on their computer, at which time it goes about its business gathering credit card numbers and other sensitive information.

How Do I Get Rid of It?

According to Guy Bunker of Symantec, Koobface is fairly easy to get rid of. Users can either install some anti-virus software (which will automatically find and destroy it,) or locate two files in their Windows directory. The files are named “tmark2.dat” and “mstre6.exe”, and should be deleted immediately if found.

Find more details on detection, files affected, removal, etc. on the McAfee web site.

Even if Koobface itself isn’t all that scary, the Reuters piece cites a security researcher with McAfee as saying that such viruses are on the rise on social networking sites. Presumably surfers are more trusting with these sites because they typically use them to connect with friends, and aren’t expecting to be targeted the way they would in a random email from an unknown spammer.

In 2005 and 2006, Myspace suffered from a rash of security problems, the most widespread being a JavaScript virus named “Samy.” Samy was relatively harmless since it targeted internet profiles rather than PCs. Nevertheless, more than 1 million users ended up displaying the message “Samy is my hero” on their Myspace profiles in 2005.

How Do I Protect Myself in the Future?

Social networking sites like Facebook turn us into fools when it comes to installing software.

  • Want to throw a virtual snowball at someone? Install this application.
  • Want to find out what kind of sandwich you are? Install this application.
  • Want to know how you’re going to die? Install this application.

That’s why these sites are the newest playground for virus creators – people are connected, they click on stuff, they install stuff, rinse and repeat.

One good rule of thumb is to avoid redirect links in Facebook or Myspace messages unless you can absolutely verify that the URL is legit. Never download a file from a page you’ve been redirected to. Report the incident to the support staff at social networking site, and await further instruction.

You may know who your friends are in real life, but it’s important to remember that an internet persona can always be hijacked—even if you do look really awesome in that movie.

Screenshots

Here’s how the Koobface virus, and other related viruses appear within Facebook:

What Appears in Facebook

Notification in Your Email

Website Download

Updated to add:

Variants of this virus appear to be pointing to data collection or revenue generating web sites. Here are a few titles I’ve had reported recently:

“hey is this u on thebestphotosonline.com”

and…

“whats the deal with u bein on imdownwitu.com”

Author: Dave Nielsen

I started using computers in 1978 on the Apple II and was first online (using my “high-speed” 1200 baud modem) in 1989. I’ve managed web sites for several Fortune 500 companies and for internet start-ups. Working for one of those start-ups is what brought me into the world of credit. I was part of the the executive team that ran QSpace, the first company to offer credit reports over the internet.

Share This Post On

Submit a Comment