Home Cybersecurity Koobface Worm Returns to Spread 'AV Security Suite' Rogue Anti-Virus Program

Koobface Worm Returns to Spread 'AV Security Suite' Rogue Anti-Virus Program

Posted: July 20, 2010

Koobface Worm now installing a Trojan horse that spread the rogue AV Security Suite

The Koobface worm has been around for a couple years now being one of the most malicious computer parasites to threaten Facebook users. Over time Koobface, among other popular malware infections, changed into something totally different. This is just what has happened in the past few weeks with Koobface as it aims to install a rogue anti-virus program on to users computers.

Most times computer infections go unnoticed so they can do the dirty work without being interrupted. This works great in the cases that the malware creators want to spread the computer infection to other systems. On the flip side you have those type of computer viruses, or malware, that cause noticeable damages. These type of infections usually do not spread because the system is damaged making it unable to operate in a manor to "send" the virus to another computer. Koobface is now one of those types of parasites.

Koobface was just upgraded to have DNS hijacking functionality. This type of function will allow Koobface to basically black access to security sites which prompts many computer users to think that there is something seriously wrong with their system. Not only does Koobface now perform this function but it takes it a step further by installing a Trojan horse which then downloads a rogue known as AV Security Suite. AV Security Suite is a fake security program that uses deceptive tactics to trick computer users into buying a piece of software that serves no purpose for fixing the issue at hand.

Further complex actions take place after the installation of AV Security Suite. The Trojan horse initially installed by Koobface acts as an HTTP proxy and reconfigures Internet Explorer to send any HTTP requests through the new proxy which blocks all websites except those to purchase fake antivirus software such as AV Security Suite. After that, a plethora of popup alerts are displayed by Koobface with fake error messages.

What is so scary about Koobface now is that it blocks executable programs from running making the infected computer almost usless. After further examining the Koobface parasite and AV Security Suite, it is apparent that the creators ultimately want users to spend between $50 and $70 on bogus security software.

The creators of Koobface are now focusing on a quick payday instead of actually leveraging their efforts to spread the infection silently. They basically send the infection out to users and those who selectively choose to run the virus will be confronted with this scenario. The way they send the infection out is through fake online videos that when clicked upon, initiate the installation of the malware. Usually the video is something very enticing or even a porn video that the hackers realize will be too good to resist for the gullible computer user.

Loading...