Author Topic: Koobface Now Using Christmas Theme  (Read 778 times)

Offline Bugbatter

  • Microsoft® MVP
  • Administrator
  • Diamond Member
  • Posts: 10398
Koobface Now Using Christmas Theme
« on: November 30, 2009, 01:14:21 PM »
The Koobface Web site offers a video posted by 'SantA'. The usual ruse of requiring a codec to watch the video is used, to encourage the user to install and run a file called setup.exe (SHA1:a2046fc88ab82abec89e150b915ab4b332af924a). This file is currently detected by 16 out of 41 antivirus products according to VirusTotal.

On the compromised Facebook page the user is presented with a link to ch[removed]cher.ch which is a compromised site in Switzerland. The user is redirected to one of several Koobface Web sites through a malicious Flash movie file hosted on the compromised site. If the user runs the infected file, the worm will automatically login to their Facebook, Myspace, and several other social networking sites and send messages to all their friends.

More with screenshots:
http://securitylabs.websense.com/content/Alerts/3505.aspx

Microsoft MVP Consumer Security 2006-2016
Microsoft Windows Insider MVP 2016-


There are any comments for this topic. Do you want to be the first?