General9.07.2009

Social media worm spreading

Social media worm is spreading

Kaspersky Lab says it saw an increase of Koobface modifications throughout the month of June, due to vacations across the northern hemisphere.

The number of variants detected jumped from 324 at the end of May 2009 to almost 1000 by the end of June 2009.

Koobface, which was initially detected by Kaspersky Lab as Net-Worm.Win32.Koobface, became popular when it appeared one year ago targeting Facebook and MySpace accounts. The Koobface worm is spreading through a legitimate user’s account to their friends’ profiles.

Comments and messages sent by the worm contain a link to a fake YouTube style website which invites users to download a “new version of Flash Player”. The worm, rather than a media player, is then downloaded to victim machines. Once a user is infected, he or she will start spreading such messages to his or her friends.

Since its appearance the functionality of the worm has been extended. Koobface is now targeting more social networking websites like Facebook, MySpace, Hi5, Bebo, Tagged, Netlog and Twitter.

“This sign of increased cybercriminal activity involving social networks in the past month proves that the strategies being used by the bad guys to infect users are much more efficient when adding the social context to their attacks,” says Stefan Tanase, Malware Researcher of Kaspersky Lab.

Kaspersky Lab users running any of the Company’s current anti-malware products are fully protected from all known variants of Net-Worm.Win32.Koobface.

Sign up to the MyBroadband newsletter