
New Worm Has Many (Koob)Faces

Posted: November 13, 2009

Identity theft has become a common occurrence in recent years, but little has been said about a new threat: identity production with malicious intent.

A new version of the notorious Koobface (W32/Koobface) worm does this automatically.

Koobface is a computer worm that is programmed to propagate through social network sites like Facebook, Twitter and MySpace. The new version that inspired this security article has some new functionality and automatically performs actions like:

  • Setting up accounts on Facebook.
  • These accounts have characteristics that seem legitimate, like date of birth, favorite books or pictures.
  • The accounts' details vary for every account that is set up.
  • Confirming that an email address from Gmail is correct (this is used to activate the Facebook account).
  • Joining random Facebook groups.
  • Adding other Facebook users as friends.
  • Posting messages to the new friends' Facebook walls.

With all this functionality, it naturally becomes harder to determine that the account belongs to automated malware impersonating a human, and not to a real person.

The new Koobface variant is yet another example of the fact that malware is getting increasingly sophisticated. Typical malware usually sends out malicious emails using email addresses found on the infected computer.

The email recipient trusts emails sent from a known person, but the Koobface worm will often produce somewhat bizarre side effects, like an email with content in another language.

Another technique used by Koobface is not to impersonate a real person, but rather to create a fictitious one. The strange thing is that attempts to investigate the sender will turn up information that, to some, seems almost legitimate.

Malware writers are clearly making it a priority to refine the art of creating variations for identity production. From the malicious person's point of view, it is smart to be at the forefront among those using this technique, before common users get better equipped to distinguish between communicating with a real person and a computer-generated one.

Be wary of this and expect to see more examples of malware using variants of this technique in the future.
