Facebook is struck by Koobface virus


By Joe Vanderham, May 25, 2010


A well known worm, named the Koobface virus, appears to be back on the loose again.  This virus has been responsible for attacking users via social networking sites in the past, but for now is limited only to Facebook.


The virus is spread through the social networks messaging system, usually with a subject line such as, "I saw you on TV".  The recipient of the message is then provided with a link to a site to view the video.  Once they are there, they will be prompted to update their Flash player before they can view the video, whether it's up to date or not.  If the user chooses to get the update, they will be prompted to open a file called "flash_player.exe".  A perfectly legitimate sounding update, right?  Don't be fooled by this as some browsers, such as Internet Explorer, will tell you where you are downloading a file from.


Once the user has been infected with the virus, it prompts a downloaded program to load a service named "Security Accounts Manager" (SamSs) to load on system startup.  Koobface then proxies all HTTP traffic and steals search results from popular search engines and hijacks them to other, lesser known sites.  It may also be possible for this version of the virus to install other malicious apps.


It is easy to get caught up in all the excitement when someone sends you a video you have to see.  But it is just as easy to take some precaution when opening attachments.  Watch for odd names in the subject line of the message or maybe you got the same message from a couple friends.


There are instructions on Facebook how to remove the Koobface virus.  Make sure to update and run your anti-virus and anti-malware software.  Also be sure to change your Facebook password.


 Share    Bookmark and Share