Koobface Worm Targeting Facebook Users

Forum Moderators: rogerd

Message Too Old, No Replies

Koobface Worm Targeting Facebook Users

engine

3:28 pm on Dec 5, 2008 (gmt 0)

Koobface Worm Targeting Facebook Users [news.cnet.com]

A worm responsible for sending Facebook users malicious code appears to be limited in nature, although the social engineering attack may be used again, say experts.
Facebook representative Barry Schnitt said the worm isn't new; it dates back to August, although the variant that first appeared on Wednesday targets only Facebook users.
Craig Schmugar, threat researcher for McAfee Avert Labs, confirmed this in a call with CNET News and said that, in general, Koobface strikes only social-networking sites.
After receiving a message in their Facebook in-box announcing, "You look funny in this new video" or something similar, recipients are then invited to click on a provided link. Once on the video site, a message says an update of Flash is needed before the video can be displayed. The viewer is prompted to open a file called flash_player.exe.

rogerd

3:50 pm on Dec 5, 2008 (gmt 0)

Interesting, nice social engineerng spin to get users to install something that normally would be rejected.

kamikaze Optimizer

9:41 am on Dec 7, 2008 (gmt 0)

I received that link via FB from a "friend". I am smart enough to not click on those type of links, even as inviting as it was.

However I am not so sure that my children would be as smart. (who often use my laptop after I go to bed).

This is really old news, it has been going around since August. It just seems that the main stream press is just now getting on it since Myspace issues are truly old old news.

[edited by: kamikaze_Optimizer at 9:42 am (utc) on Dec. 7, 2008]

bill

12:02 pm on Dec 7, 2008 (gmt 0)

Surf with Opera. Disable Cookies, Java, JavaScript, and Plug-ins by default. Manually enable only what you trust...
Safest browser out there. It's my default.

On FF use NoScript. Lock everything else down.

This isn't tin-hat behaviour anymore. This is what I'd teach my kids...Trust only those people you know. If not, no access.

engine

5:10 pm on Dec 8, 2008 (gmt 0)

>This is really old news,

Indeed, the worm has been around for a while, however, its latest variant is Facebook only. In addition, I don't think it does any harm to bring this to the attention of the widest possible audience.

zuko105

5:44 pm on Dec 8, 2008 (gmt 0)

Disable Cookies, Java, JavaScript, and Plug-ins by default. Manually enable only what you trust...

Seems to defeat the whole purpose of surfing and using the internet though doesn't it? Obviously the old guard here has their sites tuned to where the core functionality works just fine under these circumstances, but what about the rest of the internet?

Maybe a 'collective trust rating' could be established for each site, but even then a site like facebook is still vulnerable to someone exploiting it.

bill

7:51 am on Dec 9, 2008 (gmt 0)

Seems to defeat the whole purpose of surfing and using the internet though doesn't it?

How's that? Do you leave the door to your house unlocked and open when you leave?

I'll agree that it does take a little more effort to turn things on, but I feel a lot safer not letting these sort of exploits run by default.

collective trust rating

This has been tried before. One of the earlier companies was Cloudmark. There are a number of these services now like Web of Trust. You can download their toolbars and plug-ins if you're comfortable with that sort of thing.