Shortly after a phishing attack that targeted the 200 million users of immensely popular social networking site, Facebook, another attack was launched by cybercriminals. This time however, the attack targets not only Facebook users but also members of Tagged, Friendster, MySpace and other networking sites as well.

A new Koobface attack was found, which uses the very same fake YouTube site utilized in another recent Koobface attack, which scared users into breaking CAPTCHA codes for cybercriminals.

Once executed, the Koobface worm searches the affected system for cookies related to social networking sites, then attempts to extract login credentials from them. Once done, it sends a HTTP POST request to a remote server. The server then answers the request with data that triggers the creation of a message that contains a link to a copy of the worm. The said message is then sent to the contacts of the affected user.

Samples of this Koobface worm are detected by Trend Micro as WORM_KOOBFACE.ET, WORM_KOOBFACE.EY, and WORM_KOOBFACE.EX, while the Facebook phishing page has been blocked since May 15, 2008.

Here are previous reports related to Koobface:

• Koobface Tries CAPTCHA Breaking
• Bogus Facebook, Malware, and a Dancing Girl
• New Variant of Koobface Worm Spreading on Facebook
• Malevolent Social Networking: Now on Friendster
• Malevolent Social Networking: Now on Friendster
• Worms Wriggling Their Way Through Facebook

If you're new here, you may want to subscribe to our RSS feed. Thanks for visiting!