Koobface Now Using Christmas Theme

  • 0 Replies

Offline Bugbatter

  • Microsoft® MVP
  • Administrator
  • Diamond Member
  • 10632
Koobface Now Using Christmas Theme
« on: November 30, 2009, 01:14:21 PM »
The Koobface Web site offers a video posted by 'SantA'. The usual ruse of requiring a codec to watch the video is used, to encourage the user to install and run a file called setup.exe (SHA1:a2046fc88ab82abec89e150b915ab4b332af924a). This file is currently detected by 16 out of 41 antivirus products according to VirusTotal.

On the compromised Facebook page the user is presented with a link to ch[removed]cher.ch which is a compromised site in Switzerland. The user is redirected to one of several Koobface Web sites through a malicious Flash movie file hosted on the compromised site. If the user runs the infected file, the worm will automatically login to their Facebook, Myspace, and several other social networking sites and send messages to all their friends.

More with screenshots:

Microsoft MVP Consumer Security 2006-2016
Microsoft Windows Insider MVP 2016-