Koobface Worm Strikes Facebook and Myspace
Howdy,
As some of may be aware (painfully, in some cases 
), Facebook and Myspace accounts have recently been attacked by a new worm.
The Worm
The worm, named Net-Worm.Win32.Koobface.a (Myspace), and Net-Worm.Win32.Koobface.b (Facebook), has the effect of compromising the security of your Facebook account and turning it in to a “zombie” (that’s a real computer science term), which then in turn propagates the virus.
The virus is spread on Facebook by using a victimized account to send messages with titles that are designed to pique your curiosity (e.g. “you must see it!!! LOL. My friend catched you on hidden cam”; “Hello”; “It was too easy to catch your a** on film”; etc.). Sometimes the titles are vulgar, which turn off some people (but, sadly, turns other people on). Other times it sounds legitimate.
It is spread similarly on Myspace. It is spread when the infected system creates a slew of commentaries on friends accounts (taking them to the same place).
Within the email is a link, purportedly taking you to “youtube” (or equivalent). Upon clicking on the link (“http://youtube.[skip].pl”), you are sent to “http://youtube.[skip].ru”. At the site, there really is a “video” embedded, but you are informed that you don’t have the latest version of Flash Player. The site, being the kind, generous type, provides the download for you. The file that is downloaded is the worm (entitled codecsetup.exe).
Once your account/system has been hacked, the virus then sends messages to everyone on your contact list, containing a similar message to the one you got (the title will often be different, however).
The Aftermath
Ok, so say you clicked on the link, downloaded the worm, and have a nightmare on your hands?
First of all, let me say that you can still get infected, even if you didn’t download the worm. I know of people who this has happened to. So don’t get cocky, kid!
Here is what you should do if you have it, think you have it, and/or have friends commenting on the new words added to your vocabulary (aka the vulgar titles):
- Reset your Facebook/Myspace password. This will go great lengths to halting the progression of the worm. If you are using this same password for other things in addition to facebook, change those ones too!
- Run a virus scan. No explanation necessary. If you don’t own one, go hide in the closet, they’re coming(pant, pant)…er…I mean, get one. NOW!
- Never trust anyone on the internet! Links can be cloaked, identities forged/stolen, websites mirrored.
- Get rid of that IE garbage…ok, that’s a little harsh. At least make sure you’re on IE7 or better…The ideal, of course, would be to get Firefox
. - Wash, rinse, repeat…:p
Except for the last one (which deals with your smell), these will go great lengths to erradicate the worm from your system. Remeber, this infects you system, not just your facebook account.
Love my mac!!
by Tony on Dec 5, 2008 at 9:37 am