A new variant of the Koobface worm has begun spreading on the social networking site Facebook.
Rik Ferguson, senior security advisor at Trend Micro, claimed that he had received a Facebook message from a friend that contained a link to a spoof YouTube video.
Ferguson said: "The link had taken me to a site supposedly hosting a video posted by the same person that I had received the Facebook message from. In fact not only was the malicious landing page displaying his name, it had also pulled the photo from his Facebook profile. A very neat little piece of social engineering."
He further reported that clicking the install button redirected him to a download site for the file setup.exe, which is the new Koobface variant detected as WORM_KOOBFACE.AZ. The file is hosted on an IP address in another part of the world; Trend Micro had seen more than 300 unique IP addresses hosting the malicious .exe file and was expecting more.
Trend Micro engineers have revealed that WORM_KOOBFACE.AZ propagates through other social networking sites by first searching for cookies created by sites such as Friendster, MySpace, Bebo, Tagged and LiveJournal.
Ferguson said: "The worm connects to a respective site using login credentials stored in the gathered cookies. It then searches for an infected user's friends, who are then sent messages containing a link where a copy of the worm is downloaded. It also sends and receives information from an infected machine by connecting to several servers. This allows hackers to execute commands on the affected machine."