Facebook Users’ Holiday Spirit Target of New Koobface Variant, Reports PandaLabs

December 9, 2009

GLENDALE, Calif., Dec. 9 /PRNewswire/ — Cybercriminals are capitalizing on the Christmas holiday in a new Facebook scam that renders users’ computers useless, reports PandaLabs, Panda Security’s malware analysis and detection laboratory.

After malicious links are posted on Facebook users’ walls, the bait directs users to a fake embedded video player that poses as a Christmas greeting. When users try to play the video or click on a link on the page, their computers download and install a variant of the well-known Koobface worm, Koobface.GK. An image of the scam is available at http://www.flickr.com/photos/panda_security/4166135978/.

After the virus is installed on a computer, a captcha is displayed that threatens to reboot the computer within three minutes. Although nothing happens after three minutes, the computer is rendered useless. Every time a user enters the captcha text, Koobface.GK registers a new domain where the infection files are hosted, facilitating the worm’s continued distribution. For an image of the captcha, visit http://www.flickr.com/photos/panda_security/4166136042/.

“Social networks have become one of the popular entry points used by hackers to spread their creations, due to the false sense of security many users have regarding the content published on these networks,” says Luis Corrons, technical director of PandaLabs. “Users generally trust the messages and content they receive, and consequently hackers get a high level of response through these channels.”

Christmas: Cybercriminals’ favorite time of year

The latest attack takes advantage of an increase in Internet users sending Christmas greeting cards to their family and friends. It follows continued attention from cybercriminals on the holiday season, with Christmas-themed malware that is created year after year.

Examples of Christmas-specific malware first appearing in past holiday seasons include:

  • Zafi.D, 2002: Although this worm appeared several years ago, it is still distributed through e-mails that use Christmas greetings as bait. It opens a port on the infected computer without users’ knowledge and downloads another Trojan.
  • MerryX.A, 2005. MerryX.A infected users’ computers in a Christmas greetings e-mail with an attachment, which was really a Trojan designed to capture keystrokes and steal information. A photo is available at http://www.flickr.com/photos/panda_security/4165379077/. This Trojan managed to infect more than 50,000 Internet users in only one week. For more information, visit http://www.pandasecurity.com/homeusers/security-info/101654/MerryX.A.
  • Navidad (Christmas in Spanish), 2007. This malware family has numerous variants. These astute worms are difficult to detect because they arrive in the form of a reply to an e-mail that was previously sent to another (infected) recipient. The message includes the Navidad.exe file, which infects computers when run.

To stay safe on social networks, PandaLabs recommends Internet users do the following:

1) Don’t click suspicious links from non-trusted sources. This should apply to messages received through Facebook, other social networks and even via e-mail.

2) If you click on links, check the target URL. If you don’t recognize it, close your browser.

3) Even if you don’t see anything strange on the target URL page but are asked to download something, don’t accept.

4) If you do download or install an executable file and the PC starts to launch messages, there is probably malware on your computer.

5) As a general rule, make sure your computer is well protected to ensure you are not exposed to the risk of infection from any malicious code. You can protect yourself by downloading Panda Security’s new free Panda Cloud Antivirus solution at http://www.cloudantivirus.com.

About PandaLabs

Since 1990, PandaLabs’ mission has been to detect and eliminate new threats as rapidly as possible to offer clients maximum security. To do so, PandaLabs has an innovative automated system that analyzes and classifies thousands of new samples a day and returns automatic verdicts (malware or goodware). This system is the basis of collective intelligence, Panda Security’s new security model, which can even detect malware that has evaded other security solutions.

Currently, 94% of malware detected by PandaLabs is analyzed through this system of collective intelligence. This is complemented by the work of several teams, each specialized in a specific type of malware (viruses, worms, Trojans, spyware, phishing, spam, etc.), who work 24/7 to provide global coverage. This translates into more secure, simpler and more resource-friendly solutions for clients.

More information is available in the PandaLabs blog: http://www.pandalabs.com

SOURCE PandaLabs

Source: newswire
