Facebook invasion: Beware of new 'smart' worm

On the heels of a reported hijacking of hundreds of FB groups, an old worm's new variation is getting into the social network

Hot on the heels of a reported hijacking of hundreds of Facebook groups, a new variation on an old worm is crawling its way into the social network's walls. Attackers have released an updated, more intelligent version of the notorious Koobface virus, security analysts say--and anyone could become its next victim.

The Facebook Hijack

First, the hijacking: An organization called "Control Your Info" apparently took control of as many as 300 Facebook groups over the past several days. Members added their own logo onto the pages, announcing they'd "hijacked" the groups and providing a link back to their own site.

(Facebook maintains no confidential information was ever exposed--the affected groups, representatives say, were abandoned and open for any member to take over.)

The "Control Your Info" Web site states that the organization's mission was to expose security holes in social media--a fitting segue to today's new threat.

Facebook's New Concern

The new threat has a familiar name. Koobface--which, by the way, is an anagram of the word Facebook--first popped up in mid-2008 and has been pestering users ever since.

The worm typically works by taking over your PC, then sending messages or wall postings to your friends. The messages include links to what appear to be funny videos or risqué photos of people you and your friends know. Anyone who follows the links, however, will ultimately end up infected with the malware themselves--usually by way of a bogus software update that pops up on-screen.

The updated Koobface variation, according to the virus-fighting team at Trend Micro, takes things a step further by automating the entire process. Instead of depending solely upon real accounts to spread the malicious links, the attackers have found a way to have bots do their bidding.

Here's how Trend Micro says it's happening: Botnets are registering new Facebook accounts and confirming them via accompanying Gmail addresses, all without any human interaction. The zombie accounts are then joining Facebook groups, adding friends, and posting dangerous links onto those people's walls.

"This new component behaves like a regular Internet user that starts to connect with friends in Facebook," explains Jonell Baltazar, an advanced threats researcher with Trend Micro. "The details provided about the account are complete such as a photo, birth date, favorite music, and favorite books."

The system is even advanced enough to monitor maximum friend levels allowed by Facebook, Baltazar says, to avoid drawing any attention to the ill-intended account.

Facebook Protection

So, what can you do to keep yourself safe from this Koob-faced villain? The steps are nothing you haven't heard before: Keep your antivirus software up to date, and use some common sense.

Antivirus software will alert you if you click onto a site that's known to host malware -- and that's exactly where these Koobface links want to take you. The easiest way to stay safe, then, is just to be cautious in choosing what you click.

If you see a link that looks questionable, even if it's from someone whose name you know, don't follow it. And if you find yourself on a Web page that's asking you to download a software update, don't do it. Instead, close the window and go directly to the software vendor's own Web page to see if the update is the real deal.

Otherwise, you might end up with Koob smeared all over your face--and, suffice it to say, that's one fate you'd be better off avoiding.

JR Raphael is the co-founder of geek-humor site eSarcasm. You can keep up with him on Twitter: @jr_raphael.

Join the PC World newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection

Tags securitysocial networkingFacebook

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

JR Raphael

PC World (US online)
Show Comments

Most Popular Reviews

Latest Articles


PCW Evaluation Team

Matthew Stivala

HP OfficeJet 250 Mobile Printer

The HP OfficeJet 250 Mobile Printer is a great device that fits perfectly into my fast paced and mobile lifestyle. My first impression of the printer itself was how incredibly compact and sleek the device was.

Armand Abogado

HP OfficeJet 250 Mobile Printer

Wireless printing from my iPhone was also a handy feature, the whole experience was quick and seamless with no setup requirements - accessed through the default iOS printing menu options.

Azadeh Williams

HP OfficeJet Pro 8730

A smarter way to print for busy small business owners, combining speedy printing with scanning and copying, making it easier to produce high quality documents and images at a touch of a button.

Andrew Grant

HP OfficeJet Pro 8730

I've had a multifunction printer in the office going on 10 years now. It was a neat bit of kit back in the day -- print, copy, scan, fax -- when printing over WiFi felt a bit like magic. It’s seen better days though and an upgrade’s well overdue. This HP OfficeJet Pro 8730 looks like it ticks all the same boxes: print, copy, scan, and fax. (Really? Does anyone fax anything any more? I guess it's good to know the facility’s there, just in case.) Printing over WiFi is more-or- less standard these days.

Ed Dawson

HP OfficeJet Pro 8730

As a freelance writer who is always on the go, I like my technology to be both efficient and effective so I can do my job well. The HP OfficeJet Pro 8730 Inkjet Printer ticks all the boxes in terms of form factor, performance and user interface.

Michael Hargreaves

Windows 10 for Business / Dell XPS 13

I’d happily recommend this touchscreen laptop and Windows 10 as a great way to get serious work done at a desk or on the road.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?