Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:

  • Mobile Vulnerabilities

  • Zero-Day Alerts

  • Recent Posts

  • Calendar

    September 2015
    S M T W T F S
    « Aug    
  • Email Subscription

  • About Us

    koobfaceShortly after a phishing attack that targeted the 200 million users of immensely popular social networking site, Facebook, another attack was launched by cybercriminals. This time however, the attack targets not only Facebook users but also members of Tagged, Friendster, MySpace and other networking sites as well.

    A new Koobface attack was found, which uses the very same fake YouTube site utilized in another recent Koobface attack, which scared users into breaking CAPTCHA codes for cybercriminals.

    Once executed, the Koobface worm searches the affected system for cookies related to social networking sites, then attempts to extract login credentials from them. Once done, it sends a HTTP POST request to a remote server. The server then answers the request with data that triggers the creation of a message that contains a link to a copy of the worm. The said message is then sent to the contacts of the affected user.

    Samples of this Koobface worm are detected by Trend Micro as WORM_KOOBFACE.ET, WORM_KOOBFACE.EY, and WORM_KOOBFACE.EX, while the Facebook phishing page has been blocked since May 15, 2008.

    Here are previous reports related to Koobface:

    Share this article
    Get the latest on malware protection from TrendLabs
    Email this story to a friend   Technorati   NewsVine   MySpace   Google   Live   StumbleUpon

    • scott

      I picked this up today!

    • scott

      How do you detect and/or get rid of the koobface virus?


    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice