APRIL 2009

Bad Behavior

Social networking sites are a favorite target of malware. Find out how to make sure one prolific threat seen spreading through these communities, the Koobface worm, stays off your friends' list on Facebook and other networking sites.

Understanding the Threat
The reappearance of the Koobface worm may be putting a damper on the spirits of social networking enthusiasts. And, unfortunately, it's not just Facebook users that need to be aware of this nasty. While the word "Koobface" is actually a variation of the spelling of "Facebook," it's important to keep in mind that this threat has been seen targeting the users of other social networking sites, as well.

Koobface is not a new threat (surfacing initially in August 2008), but it is a dangerous one that continues to make the rounds, in a renewed effort to infect your computer and steal personal information by catching you when your guard is down.

Koobface proliferates by using social networking sites' messaging systems to infect PCs. Users are usually less suspicious of malware infection via networking sites, industry experts say, because you need to be a member to log-in.

According to Lavasoft Malware Labs, since Koobface was first added to Ad-Aware's Detection Database in 2008, new versions of this malware have been found and included in every other Definitions File update; currently, an estimated 200 different versions of the malware have been identified and are in detection. November 2008 and January 2009 saw a high spike in the amount of Koobface worm variants added into detection, accounting for an estimated 40 percent increase from the usual monthly average, according to Lavasoft malware analysts.

The Bad Behavior
How exactly does the bad online behavior play out? The malware harvests log-in information for social networking sites - such as Facebook, MySpace, Bebo, LiveJournal, Hi5, and Tagged - from cookies stored on the victim's machine. Using this harvested log-in information, the malware logs-in to the social networking site. It then sends a message to the infected user's friends that contains a link and an invitation to watch a video. Clicking on the link takes the user to a page where he or she is told they must install a codec to view the video. This, of course, is not a codec but a copy of the malware which the unwitting user runs on their machine. A backdoor is then installed on the infected machine, allowing hackers to run commands on the compromised PC.

Winning Strategies
What's the best way to steer clear of this threat? Be sure to keep your anti-virus and anti-spyware software up-to-date. (This threat is detected by Ad-Aware as Win32.Worm.Koobface.) You'll also need to be leery of any suspicious messages you receive within social networking sites, even if they appear to come from a friend.

For further information, you will be able to find specific guidelines directly on the social networking sites that you use; for example, you can visit Facebook's safety information and tips at www.facebook.com/safety/.

To learn more about how you can embrace social networking sites and stay secure from threats like Koobface, read our article "The 5 Essentials for Safe Online Socializing."


20% off Identity Finder Buy Now Learn More

By The Numbers
According to Lavasoft Malware Labs, November 2008 and January 2009 saw a high spike in the amount of Koobface worm variants added to Ad-Aware's Detection Database, accounting for an estimated 40% increase from the usual monthly average.
Tips & Tactics
ID theft is running rampant in 2009. Find out the steps you should be taking to keep your sensitive data out of criminal hands. Read more
What People Are Saying
"Keep up the good work guys and thanks for making PC and Internet use a lot safer."

- Barry (Cornwall, U.K.)

Two University of Gothenburg (Sweden) students are writing their master's thesis in cooperation with Lavasoft. Please help by taking their brief survey.
Forward to a Friend
Pass on the news, tips and offers in this issue - e-mail Lavasoft News to a friend.

Lavasoft AB Odinsgatan 10, 411 03 Gothenburg, Sweden | www.lavasoft.com | editor@lavasoft.com