McAfee: Koobface Facebook Virus Is On The Rise

By Justin Lafferty 

Facebook is trying to educate users more about scams that seep through its News Feed, but according to antivirus firm McAfee, there has been an increase in the first quarter in reports of Koobface, a virus that hijacks Facebook accounts.

USA Today described how Koobface operates:

Its creators initially sent Facebook users friendly messages asking them to click on a link to see a video. Doing so called up another message asking the recipient to click on an executable file — a small computer program — needed to upgrade a video player required to view the video. In a classic bait-and-switch, clicking on the file instead turned over control of the PC to the attackers.

The worm then automatically sent similar viral messages from the victim’s account to his or her Facebook friends.

By clicking on the malicious file, the victim unintentionally chooses to run the bad code. So no actual hack of the computer’s hard drive is needed.

Back in 2008, Koobface was widespread, as many users saw their accounts deleted thanks to the virus. It takes the vital login information from Facebook (or other social media) accounts. In 2012, Facebook donated $250,000 to the University of Alabama, Birmingham, for the work that the Center for Information Assurance and Joint Forensics Research did to help stop the spread of Koobface.

Vincent Weafer, senior vice president of McAfee Labs, commented on Koobface’s resurgence:

Cybercriminals have come to appreciate that sensitive personal and organizational information are the currency of their “hacker economy.” The resurrection of Koobface reminds us that social networks continue to present a substantial opportunity for intercepting personal information. Within the enterprise, we see password-stealing Trojans evolving to become information-gathering tools for cyber-espionage attacks. Whether they target login credentials or intellectual property and trade secrets, highly targeted attacks are achieving new levels of sophistication.

Readers: Has your account been hacked in this manner?

Image courtesy of Shutterstock.