Researchers say that the 'Koobface' worm - which has been circulating through the popular social networking service, Facebook - is still on the loose, despite Facebook's efforts of cleaning up the mess.
Craig Schmugar, a threat researcher at McAfee Inc, was one of the first security researchers to notice Koobface's spread on Wednesday, and notify Facebook. This attack on the world's most popular social networking site, and its 120 million users, came within weeks of Facebook winning an $873 million lawsuit against people accused of hacking user accounts and spreading spam.
Schmugar said Koobface is a variant of one that hit MySpace, last August. Though the earlier version targeted both MySpace and Facebook, the new one has focused only on the latter. There are more than two dozen variants of the worm in circulation.
Koobface generates spammed links that lead to various compromised host sites, which appear to serve a video. The user receives a fake error message, saying that the version of Adobe Flash installed on his or her computer is out of date, thereby prompting the download of an update.
The update is malicious software that can easily by changed by those behind the attacks to exploit any of a variety of security vulnerabilities. At the moment, it installs a proxy server called tinyproxy. exe and a service called Security Accounts Manager that loads the proxy server at startup. According to Schmugar, the server listens on TCP port 9090 and scans all HTTP traffic to intercept search results for the purpose of ad hijacking and click fraud.
Acknowledging the worm's attack, Facebook has posted a short message on its security page. The instructions urge users, whose accounts had already been compromised, to remove the 'Koobface' virus thus: 'give your computer an antivirus scrub-down and change your Facebook password'.
0 comments:
Post a Comment