The Koobface worm first appeared in June, but now it’s back in greater strength, targeting social networking users with PCs – those with Macs or running Linux are not affected. The Guardian reports that security company F-Secure says Koobface is running on Facebook, Bebo, MySpace, Friendster, Myyearbook and Blackplanet.
So how does it work? Well, once one person is infected, the malware starts sending out messages to people on that person’s friends list saying things like "Are you sure this is your first acting experience?", "is it u there?", "impressive. i’m sure it’s you on this video", "How can anyone get so busted by a spy camera?" and "You’re the whole show! i’m admired with you".
The comments link to a supposed video download. But when someone attempts to start the download, it stops, saying the user needs a new version of Flash Player. Click to download that, and Koobface installs instead.
The worm diverts all search engine requests to a very different site, find-www.net, claims McAfee’s Craig Schmugar. That means those responsible make cash from sites that receive traffic from the search, and users also find themselves inundated by fake antivirus scanners that put yet more malware on their machines.
Facebook has posted a warning on its security page, and is advising users to reset passwords and use one of its recommended antivirus scanners. A spokesman said:
"We’re removing the spam messages and coordinating with third parties to remove redirects to malicious content elsewhere on the web."