Koobface Worm

Back in August 2008—when you were still juggling Facebook and MySpace profiles—unsuspecting social networkers found their machines infected by Koobface, a particularly nasty computer worm. Koobface (an anagram for Facebook) caught its victims by tempting them with tantalizing Facebook links to videos “you’ve gotta see”—sometimes claiming the videos were of the targets themselves. However, once curious users clicked, they were directed not to videos but to fraudulent download sites promising the Adobe Flash update necessary to view said video. But rather than Flash, the innocent downloaded the Koobface worm.

Once downloaded, the Koobface worm went to work behind the scenes, calling out from your computer to a command-and-control (CnC) server. Basically, your machine became a “zombie” computer, joining forces with other infected machines in a “botnet.” Suddenly, you began receiving pop-ups and other ads for antivirus software … useless products that only served to line the pockets of Koobface’s propagators, who were, by the way, living the high life in St. Petersburg, Russia. (Early on, Facebook knew who was behind Koobface, even posting photos of the gang in its security team’s office.)

Stopping the Koobface worm

Facebook quickly got to work to stop Koobface, blocking links to phishing sites and improving its automated abuse detection systems. In addition, Facebook joined forces with the Microsoft Malware Protection Center to address the code lurking on Koobface victims’ machines. Despite Facebook’s response, however, additional bad actors continued to capitalize on Koobface, spreading enough persistent rumors about new iterations of Koobface or “Knobface” that the worm even earned its own Snopes page.

The moral of the story? Click with caution.



Photo: Lewis Tse Pui Lung / Shutterstock.com


Posted by Kate Johanns

Kate Johanns is a communications professional and freelance writer with more than 13 years of experience in publishing and marketing.
