
Facebook worm still spreading

By Tim Conneally, BetaNews

August 25, 2008, 1:17 PM

Early in August, security firms noticed a worm spreading on Facebook through wall posts, claiming to contain a video requiring a new codec to be installed. Variants of this worm are now being spotted on a weekly basis.

The virus appears to be a slightly modified version of what Kaspersky Labs called Koobface, a worm elaborate in its design but crude in execution.

Using the same poorly worded social engineering tricks, the worm sends Facebook messages with subject lines like "Hi My Friend," or "Hej!" that contain a verbose link to a video claiming to feature the recipient in some way. Instead of loading a video, the page says the user's version of Flash is out of date and needs a new codec. Clicking on any part of the video player, including the sender's profile information, the fake comments, or settings, results in a forced download.


Koobface virus package contents

Up to the point where the user downloads the file named "codecsetup.exe", the worm's methods are exactly the same. Once the "codec" file is opened, it creates a file called "fbtre9.exe", unlike the Koobface.A profile, which created a file called "mstre6.exe." This appears to be the sole difference between the two, and it is the twelfth time the virus has mutated in such a way (there are currently 27 different Koobface infections).

When the file is run for the first time, it generates an error message and begins looking for Facebook user ID cookies. If found, the results are intended to be reproduced every time the user turns on his computer.

During the initial spread of "Koobface," Facebook's head of security Max Kelly wrote in the official blog that "Less than .002 percent of people on Facebook have been affected, all of whom we notified and suggested steps to remove the malware."

At least for BetaNews, which purposefully installed the Koobface virus on a virtual machine, this statement is untrue; we were neither notified nor informed of corrective measures. However, the message which carried the virus disappeared promptly after obtaining the necessary files. Some have attributed this to either Facebook's diligent users or staff, but this is as yet unconfirmed.

Koobface worm installed

Comments (9)


By Hollywood__

posted Aug 25, 2008 - 6:50 PM

foxfire stole my planned one word post! ****.

Score: 0

By yountmj

posted Aug 25, 2008 - 7:19 PM

Damn... same here. LOL

Score: 0

By foxfyre

posted Aug 25, 2008 - 3:28 PM

Good.

Score: 0

By internetworld7

posted Aug 25, 2008 - 3:17 PM

AND yet another reason to get a Mac, no worries of viruses taking over your computer. Wow, as I said that, I'm feeling very smug right now. :)

Score: 0

By WeezulDK

edited Aug 26, 2008 - 4:07 PM

*puts up two thumbs, squints eyes and says:*

GOOD FER YEWWWWWW!!!

AND yet another reason to dislike smug Apple-fanboy comments.

The real lesson here is that people need education on how to protect their computers by not falling for such stupidity.

I have no viruses.

I run NO antivirus software 24/7 (on occasion I do scan my systems).

I have a NAT router without any special software security suite on the client side.

I patch my OS regularly.

I don't open uninvited attachments without knowing who sent them and if they even sent the file in the first place, especially anything executable.

I don't surf pr0n spam mail links, random links sent to me in SPIM or SPAM, I don't use facebook or any "*book" or "*space" site.

I don't install every single program that pops up in my browser when I do go to a website outside the norm.

I use the proper CLOSE button on popups instead of cheesy deceptive graphics inside a popup HTML frame.

I don't download and use "adware".

I pay attention to what I have running at all times when I'm working on my PC.

I don't let anything autorun on start that doesn't absolutely need to be, unless it will not function without it, and even then it had better be essential to the operation of the program (rare gems like Daemon Tools and ANYDVD are examples).

Here's my version of a Mac vs. PC commercial:

I am a PC. And I'm educated about how a PC works. I know not to click on everything that pops up, and guess what, I don't have a problem with my Windows experience!

I am a Mac, and I don't want to know, nor care to know, I just want it to work. I don't have the time or brainpower to care.

Score: 0

By ryanrst

edited Sep 15, 2008 - 2:37 PM

@WeezulDK

Even those who are as diligent as can be could still fall victim to a virus or worm. Files sent to you legitimately from a friend or colleague can contain malicious code unknown to both parties. Someone could use your computer and do something on it that you wouldn't.

I'm both a Mac, PC and Linux user. Personally I have found that the majority of people I know who use Mac and Linux are more aware of how their computer works than those who run Windows. Being very knowledgeable about computers I often get asked to help with problems - not once have I been asked to fix an issue on a Mac. I have on occasion been asked for help with how to install and use Linux. Almost all issues are with Windows users and the amount of spyware, adware and junk that I find on these machines is incredible.

I would recommend anti-virus for most Windows users. Yes, it's likely to hog resources, cause your system to slow down and even hang on occasion. But in the long run it will prolong the life of your OS and delay the inevitable Windows re-install. At the very least get yourself a firewall (not Windows firewall), a decent browser (Google Chrome seems to be the best at the moment for blocking pop-ups, phishing scams and other malicious sites) and keep yourself up to date on what you need to be careful of on the web.

I don't want to get into an argument over which OS is better etc... but just because some die hard Apple fans flaunt some of the good features of OS X, that doesn't mean they are ignorant and don't know how their computer works.

Have fun everyone and think before you click!

Score: 0

By Hollywood__

posted Aug 25, 2008 - 6:55 PM

Not as smug as me. You couldn't fit in the same room with my ego. I bet you get in your s***box and drive to a soon-to-be-eliminated job every day like everybody else.

You are the type who would drive a seven year old Honda Civic but have an iPhone to appear successful.

_________________________________

Vista also won't let viruses install without warning you twice (unlike XP), and of course there is always Windows Restore for the morons.

Score: 0

By mjm01010101

posted Aug 25, 2008 - 1:32 PM

"At least for BetaNews, which purposefully installed the koobface virus on a virtual machine,"

Hope you keep the host well protected with regards to this type of testing. A VM is no guarantee of a secure sandbox.

Score: 0

By jafo818

posted Aug 25, 2008 - 2:27 PM

You think they'd do it on a box connected in any way to their web host? I think they're smarter than that.

Score: 0