Facebook invasion: Beware of new 'smart' worm

On the heels of a reported hijacking of hundreds of FB groups, an old worm's new variation is getting into the social network

Hot on the heels of a reported hijacking of hundreds of Facebook groups, a new variation on an old worm is crawling its way into the social network's walls. Attackers have released an updated, more intelligent version of the notorious Koobface virus, security analysts say--and anyone could become its next victim.

The Facebook Hijack

First, the hijacking: An organization called "Control Your Info" apparently took control of as many as 300 Facebook groups over the past several days. Members added their own logo onto the pages, announcing they'd "hijacked" the groups and providing a link back to their own site.

(Facebook maintains no confidential information was ever exposed--the affected groups, representatives say, were abandoned and open for any member to take over.)

The "Control Your Info" Web site states that the organization's mission was to expose security holes in social media--a fitting segue to today's new threat.

Facebook's New Concern

The new threat has a familiar name. Koobface--which, by the way, is an anagram of the word Facebook--first popped up in mid-2008 and has been pestering users ever since.

The worm typically works by taking over your PC, then sending messages or wall postings to your friends. The messages include links to what appear to be funny videos or risqué photos of people you and your friends know. Anyone who follows the links, however, will ultimately end up infected with the malware themselves--usually by way of a bogus software update that pops up on-screen.

The updated Koobface variation, according to the virus-fighting team at Trend Micro, takes things a step further by automating the entire process. Instead of depending solely upon real accounts to spread the malicious links, the attackers have found a way to have bots do their bidding.

Here's how Trend Micro says it's happening: Botnets are registering new Facebook accounts and confirming them via accompanying Gmail addresses, all without any human interaction. The zombie accounts are then joining Facebook groups, adding friends, and posting dangerous links onto those people's walls.

"This new component behaves like a regular Internet user that starts to connect with friends in Facebook," explains Jonell Baltazar, an advanced threats researcher with Trend Micro. "The details provided about the account are complete such as a photo, birth date, favorite music, and favorite books."

The system is even advanced enough to monitor maximum friend levels allowed by Facebook, Baltazar says, to avoid drawing any attention to the ill-intended account.

Facebook Protection

So, what can you do to keep yourself safe from this Koob-faced villain? The steps are nothing you haven't heard before: Keep your antivirus software up to date, and use some common sense.

Antivirus software will alert you if you click onto a site that's known to host malware -- and that's exactly where these Koobface links want to take you. The easiest way to stay safe, then, is just to be cautious in choosing what you click.

If you see a link that looks questionable, even if it's from someone whose name you know, don't follow it. And if you find yourself on a Web page that's asking you to download a software update, don't do it. Instead, close the window and go directly to the software vendor's own Web page to see if the update is the real deal.

Otherwise, you might end up with Koob smeared all over your face--and, suffice it to say, that's one fate you'd be better off avoiding.

JR Raphael is the co-founder of geek-humor site eSarcasm. You can keep up with him on Twitter: @jr_raphael.

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection

Tags securityFacebooksocial networking

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

JR Raphael

PC World (US online)
Show Comments


James Cook University - Master of Data Science Online Course

Learn more >


Sansai 6-Outlet Power Board + 4-Port USB Charging Station

Learn more >

Victorinox Werks Professional Executive 17 Laptop Case

Learn more >



Back To Business Guide

Click for more ›

Brand Post

Most Popular Reviews

Latest Articles


PCW Evaluation Team

Louise Coady

Brother MFC-L9570CDW Multifunction Printer

The printer was convenient, produced clear and vibrant images and was very easy to use

Edwina Hargreaves

WD My Cloud Home

I would recommend this device for families and small businesses who want one safe place to store all their important digital content and a way to easily share it with friends, family, business partners, or customers.

Walid Mikhael

Brother QL-820NWB Professional Label Printer

It’s easy to set up, it’s compact and quiet when printing and to top if off, the print quality is excellent. This is hands down the best printer I’ve used for printing labels.

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

Featured Content

Product Launch Showcase

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?