

    Archive for August 17th, 2009



    Aug 17, 11:27 pm (UTC-7)

    Over the past week, Koobface intensified its Twitter campaign, tweeting a variety of messages instead of the usual spam campaign that pushed one message at a time, such as the text “My home video : ).”


    So far, we have seen more than 40 distinct messages spammed to Twitter. Here is a sample of the new Koobface campaign.


    The following lists the messages we have seen spammed on Twitter.

    Congratulations! You are on hidden camera!
    Congratulations! You are on news!
    Congratulations! You are on TV!
    Hey! Are you really in that video?
    Hey! Is that really you in that video?
    Hey! You are on hidden camera!
    Hey! You are on news!
    Hey! You are on TV!
    Holly shit! Are you really in this video?
    Holly shit! You are on hidden camera!
    Holly shit! You are on news!
    Holly shit! You are on TV!
    Nice! Your ass looks awesome on this video!
    Nice! Your ass looks great on this video!
    Nice! Your body looks awesome on this video!
    Nice! Your booty looks awesome on this video!
    Nice! Your booty looks great on this video!
    Saw that video the other day… Did you really do that?
    Saw that video the other day… How could you do something like that?
    Saw that video the other day… How could you do such a thing?
    Saw that video the other day… Why did you do that?
    Saw that video yesterday… Did you really do that?
    Saw that video yesterday… How could you do something like that?
    Saw that video yesterday… How could you do such a thing?
    Saw that video yesterday… Why did you do that?
    Sweet! Your ass looks awesome on this video!
    Sweet! Your ass looks great on this video!
    Sweet! Your body looks great on this video!
    Sweet! Your booty looks awesome on this video!
    Wow! Are you really in that video?
    Wow! Are you really in this video?
    Wow! Is that really you in that video?
    You were caught on our hidden camera!
    You were caught on our secret camera!
    You were caught on our stealthy camera!
    You were seen on our hidden camera!
    You were seen on our secret camera!
    You were seen on our stealthy camera!
    You were sighted on our hidden camera!
    You were sighted on our secret camera!
    You were sighted on our stealthy camera!

    All of those messages come with a URL pointing to a copycat Facebook website, which will try to install setup.exe—the Koobface malware.
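    As an added example (this is not Trend Micro's code or tooling), the following Python checker flags a tweet when it reuses one of the lure lines listed above and carries a link, which is the combination the post says every observed Koobface tweet had. The lure table reproduces the 41 messages from the list, grouped by their shared opener; the sample tweets and the `example.invalid` URLs are constructed for illustration.

```python
"""Flag tweets that reuse the Koobface lure lines quoted in the post.

Added example, not Trend Micro's code. The lure lines are those listed in the
post; the sample tweets at the bottom and their URLs are constructed.
"""
import re

# Lure lines from the post, grouped by shared opener so the table stays
# readable. Expanding opener x body reproduces the 41 distinct messages exactly.
LURE_GROUPS = {
    "Congratulations!": ("You are on hidden camera!", "You are on news!",
                         "You are on TV!"),
    "Hey!": ("Are you really in that video?", "Is that really you in that video?",
             "You are on hidden camera!", "You are on news!", "You are on TV!"),
    "Holly shit!": ("Are you really in this video?", "You are on hidden camera!",
                    "You are on news!", "You are on TV!"),
    "Nice!": ("Your ass looks awesome on this video!",
              "Your ass looks great on this video!",
              "Your body looks awesome on this video!",
              "Your booty looks awesome on this video!",
              "Your booty looks great on this video!"),
    "Saw that video the other day…": ("Did you really do that?",
                                      "How could you do something like that?",
                                      "How could you do such a thing?",
                                      "Why did you do that?"),
    "Saw that video yesterday…": ("Did you really do that?",
                                  "How could you do something like that?",
                                  "How could you do such a thing?",
                                  "Why did you do that?"),
    "Sweet!": ("Your ass looks awesome on this video!",
               "Your ass looks great on this video!",
               "Your body looks great on this video!",
               "Your booty looks awesome on this video!"),
    "Wow!": ("Are you really in that video?", "Are you really in this video?",
             "Is that really you in that video?"),
    "You were caught on our": ("hidden camera!", "secret camera!", "stealthy camera!"),
    "You were seen on our": ("hidden camera!", "secret camera!", "stealthy camera!"),
    "You were sighted on our": ("hidden camera!", "secret camera!", "stealthy camera!"),
}

# Plain http(s) links or bare www. hosts; good enough for tweet-sized text.
URL_RE = re.compile(r"https?://\S+|\bwww\.\S+", re.IGNORECASE)


def normalize(text: str) -> str:
    """Lower-case, unify the ellipsis, drop punctuation and squeeze spaces so
    trivial edits (extra spaces, a missing '!') do not defeat the match."""
    text = text.replace("…", "...").lower()
    text = re.sub(r"[^a-z0-9 ]+", " ", text)
    return " ".join(text.split())


# normalized lure -> lure line exactly as quoted in the post
KNOWN_LURES = {
    normalize(f"{opener} {body}"): f"{opener} {body}"
    for opener, bodies in LURE_GROUPS.items()
    for body in bodies
}


def extract_urls(tweet: str) -> list:
    """Return every link found in the tweet, in order of appearance."""
    return URL_RE.findall(tweet)


def match_lure(tweet: str):
    """Return the quoted lure line this tweet reuses, or None."""
    text_without_links = URL_RE.sub(" ", tweet)
    return KNOWN_LURES.get(normalize(text_without_links))


def is_koobface_lure(tweet: str) -> bool:
    """Flag only when a known lure line is paired with a link; the lure text
    alone could be an innocent quote, the link is what leads to setup.exe."""
    return match_lure(tweet) is not None and bool(extract_urls(tweet))


if __name__ == "__main__":
    # Constructed sample tweets; example.invalid is a reserved, non-resolving domain.
    samples = [
        "Hey! You are on TV! http://example.invalid/video",
        "holly shit! are you really in THIS video? www.example.invalid/v",
        "Hey! You are on TV!",
        "Wow, I'm on TV tonight",
    ]
    for tweet in samples:
        print(f"{is_koobface_lure(tweet)!s:5}  lure={match_lure(tweet)!r}  {tweet}")
```

    The exact-match lookup after stripping links and punctuation keeps the rule tight: a tweet that merely mentions a video is not flagged, while case changes, stray spaces, or a dropped exclamation mark in one of the 41 known lines still are. Anyone tracking a later wave can extend `LURE_GROUPS` without touching the matching logic.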


    Trend Micro Smart Protection Network blocks the malicious URLs in this attack so that users never get to download the malicious file. The malicious file, nevertheless, is already detected as WORM_KOOBFACE.V.

    Aug 17, 5:12 am (UTC-7)

    TrendLabs experts are regularly asked what, in their opinion, are the most dangerous malware of all time. While the question begs more questions, TrendLabs experts give recurring answers based on high-level assessments of how effectively each malware endangered users’ online experiences relative to the technologies available when it reached peak prevalence. As MSBLAST marks its sixth anniversary of plaguing the Internet, we’ve highlighted the worst we’ve seen so far, along with the runners-up, of which MSBLAST is one.

    1. DOWNAD: Multiple Propagation, Multiple Damage – Found in November 2008, this massive threat took advantage of the MS08-067 vulnerability. It spawned several other variants, each new variant an improvement over the last. It impacted LAN traffic in several corporate networks.
      The attack was also notable for generating up to 50,000 domains and connecting to 500 of these, strategically evading efficient domain takedown (or even the monitoring of potentially malicious sites) and taking advantage of low-cost domain name registration.
    2. KOOBFACE: The Scourge on Social Networks – Initially found in August 2008, KOOBFACE leveraged the connectivity provided by social networking sites like Facebook and MySpace. It infects user profiles so that cybercriminals are able to break into users’ circles of trust, increasing the chances of propagation (an infected user’s contacts assume posted links are harmless because they trust the profile owner).
      KOOBFACE possesses a dynamic update capability, allowing it to spread to other social networking sites and perform more malicious routines.
    3. ZBOT: Organized Information Theft – Also known as variants of the Zeus malware, ZBOT Trojan spyware is usually delivered via the Web, either by email or by Web exploits. Underground research and documented cases reveal it is a thriving business in which infected computers give up their owners’ personal information (such as credit card details) to remote servers run by cybercriminals.
      ZBOT variants are especially damaging due to their ever-changing social engineering techniques, which are often understated (not sensational).
    4. SQL Slammer: Single-Handed Internet Sabotage – This attack is notorious for drastically slowing down general Internet traffic in the early morning of January 25, 2003 (UTC). Noteworthy is the fact that this was achieved despite it being a solitary single-packet worm residing in memory, attacking without a file system component, and exploiting an already patched buffer overflow bug in MS SQL Server and Desktop Engine (MS02-039).
      However, what is more notable is that the trickle-down effects of this threat are still being seen on the present-day Internet.
    5. VBS_LOVELETTER: Internet Love Bug – This attack, with remarkably simple yet effective social engineering (the string “ILOVEYOU” in the subject heading) that triggered recipients’ curiosity, first plagued email inboxes on May 4, 2000. It infected 10% of computers worldwide, with each harboring an average of 600 infected files.

    Here are other notable attacks that, though not as severe as the ones listed above, affected users from around the globe with their remarkable routines:

    • Melissa Virus – The first mass-mailer (started in March 1999); shut down entire Internet mail systems clogged with infected emails
    • MSBLAST – One of the more memorable network worms to take advantage of system vulnerabilities. It was first triggered around this time in the year 2003.
    • SDBOT/AGOBOT – Pioneered modular IRC-based botnets; current IRC bots still use the same codebase; still alive today
    • Web Toolkits – Collective term for commercial-grade software that aid cybercriminal activity; allegedly responsible for high-profile web compromises like the “Italian Job”
    • ILOMO – Trojans arriving via Web-based exploits that stay active in memory even after the binary has been deleted from the system, resulting in multiple, recurring reinfections (first appeared March 2009)

    Each of the top threats was the most dangerous during its time and within its respective field. Notably, all of them are attacks that gained momentum via the Internet.

    The most dangerous is still likely the newest one to come out of the malware underground markets. For the most part, these can only be better versions of already detected variants, so users should be actively involved in keeping their personal information safe from theft. Companies likewise should safeguard company information and assets with the same vigilance as a country at war.

    These days, the most likely way threats come in is via the Internet. Thus we consider that the most obvious and effective way to stop them is to check the URLs being requested by the browser or applications. For your safety, we hope you have already switched on the Web Reputation Service in your Trend Micro product. If you are still uncertain, you may test it for free by using the TrendProtect Toolbar with your Internet Explorer browser, or install and try our Web Protection Add-On, which may work alongside your existing security solution.




    In the modern age of Web threats, an old-fashioned virus is definitely something of a throwback. We have received reports of one such malware affecting the computer-aided design (CAD) program, AutoCAD.

    The said malware, detected as ACM_UNEXPLODE.C, spreads by infecting AutoCAD files opened on an affected system. If this sounds familiar, it is, except that it used to be done with more common applications like Microsoft Word. An infected AutoCAD file could become corrupted, which could pose a serious problem given the time and expense users invest in their CAD work.

    It also adds various entries to the Windows registry. These add a user named SERVICER to the system with administrative rights. All drives with letters from C to I are also shared.

    The said malware is already detected by the Smart Protection Network. In addition, Autodesk has released a workaround on their official blog.


    © Copyright 2011 Trend Micro Inc. All rights reserved. Legal Notice