Often, criminals use spam combined with social engineering tactics to propagate their malware. However, hackers are increasingly looking for newer, alternative ways to infect computers. Over the past few weeks, we have received reports of malware that exploits social networking sites like Facebook, Bebo, MySpace and Friendster as a more 'trendy' means of infection. This malware is known as Koobface.
If you are a fan of these social networking websites, chances are you have seen these types of messages:
A sample Koobface message in Facebook

A sample Koobface message in Friendster

If you click on one of these links, you will get redirected to a site that hosts the malware and encounter a fake 'video' claiming that you need to upgrade your Flash version.

In this case, the fake Flash installer downloads the Koobface bot (an executable file).
Like any other bot, Koobface connects to and receives instructions from its command and control (C&C) server. It detects when a user has logged on and has an active session with a social networking site, and sends that information to the C&C server. Koobface then uses the session to collect all of the user's friends. It receives a spamming template from the C&C server and sends messages to every friend it collected.
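The propagation pattern above (one templated message, differing only in its link, pushed to every friend in a short burst) is something a site operator or analyst can look for in outbound message logs. The following is an added defender-side example, not code from the original post or from any analysis of Koobface: it runs over a constructed sample log (the senders, recipients, texts and URLs are made up) and flags accounts that send the same template to many distinct recipients within a time window.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of outbound social-network messages: (time, sender, recipient, text).
# All values are invented for illustration; none are real Koobface indicators.
SAMPLE_LOG = [
    ("2008-12-01 10:00:05", "alice", "bob",   "lol you look funny in this video http://example.test/v1"),
    ("2008-12-01 10:00:07", "alice", "carol", "lol you look funny in this video http://example.test/v2"),
    ("2008-12-01 10:00:09", "alice", "dave",  "lol you look funny in this video http://example.test/v3"),
    ("2008-12-01 10:00:11", "alice", "erin",  "LOL you look funny in this video http://example.test/v4"),
    ("2008-12-01 10:01:00", "bob",   "alice", "hey, are we still on for lunch?"),
    ("2008-12-01 11:30:00", "bob",   "carol", "see you at 1pm"),
]

URL_RE = re.compile(r"https?://\S+")


def template_key(text: str) -> str:
    """Normalise a message so per-recipient URL variants collapse to one template."""
    return re.sub(r"\s+", " ", URL_RE.sub("<url>", text)).strip().lower()


def find_fanout(log, window=timedelta(minutes=10), min_recipients=3):
    """Return {sender: (template, distinct_recipient_count)} for senders that pushed
    the same templated message to at least `min_recipients` distinct friends
    within `window`. Normal one-off chatter (bob's messages) is not flagged."""
    by_sender = defaultdict(list)
    for ts, sender, recipient, text in log:
        when = datetime.strptime(ts, "%Y-%m-%d %H:%M:%S")
        by_sender[sender].append((when, recipient, template_key(text)))

    flagged = {}
    for sender, events in by_sender.items():
        events.sort()  # chronological; tuple order is (time, recipient, template)
        for i, (t0, _, tmpl) in enumerate(events):
            # Distinct recipients of this template within `window` of the i-th message.
            recips = {r for t, r, k in events[i:] if k == tmpl and t - t0 <= window}
            if len(recips) >= min_recipients:
                flagged[sender] = (tmpl, len(recips))
                break
    return flagged
```

Thresholds such as the window and recipient count are assumptions chosen for the sample; tune them against a baseline of legitimate messaging on the platform you monitor.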
With millions of users getting hooked on these social networking sites, it is unsurprising how successful Koobface has been at infecting users in this way.
For more detailed information on Koobface, ThreatExpert has an excellent analysis of this malware.