Koobface Malware Returns to Facebook With a New Twist

Since first breaking out on Facebook in 2008, the Koobface worm has occasionally reappeared, each time with a slightly different approach to infecting Facebook users. Now, it seems that it's back and in full force. Researchers from online security company ESET discovered the reappearance last week, after noticing a slew of similar e-mail worms invade Facebook users' inboxes. According to ESET's blog, each e-mail contains a link that claims to lead to adult videos. In order to download said videos, though, the user must download a special video codec. Instead of providing porn, the download launches the malware, which, in typical malware fashion, sends the same message to all the contacts stored on the infected computer.

This time, there's an added, elusive twist to Koobface's ploy, as the malicious download only deploys after the very first click on the e-mail's link. Every click thereafter only brings up a 'Page Not Found' result, thus making it a lot trickier for security experts to analyze the variations of malicious codes that are out there. As of Wednesday, the ESET lab in Latin America that uncovered the Koobface resurgence claimed to have already identified and analyzed over 100 IP addresses that seem to be responsible for spreading the virus. Until researchers solve the Koobface riddle, though, the only surefire way to ward off an attack is by simply resisting temptation and not clicking on any suspicious links. [From: ESET; via: CNET]

Tags: facebook, inbox, koobface, links, malware, security, spam, top, virus