Koobface? Facebook?

I was recently surfing about “The Social Network” (by the way, watch it if you haven’t yet, great movie) and Facebook when I came across the term “Koobface”, an anagram of “Facebook”. As for many of us, the term was unfamiliar to me, so I decided to write a blog post about it.

The Internet and Web 2.0 have contributed a lot to the way we do things, be it how we socialize (social network websites), communicate (e-mail), do business (online shopping) or gather information (Wikipedia). But this is not always for the general good. With the emergence of Web 2.0, new threats have emerged as well. One such threat is Koobface.

It is no surprise that cyber-criminals have now chosen social networking websites as their new means of propagating malware. Koobface is one of the first pieces of malware to spread successfully and continuously using social networks as its medium of propagation.

Usually, a Koobface attack begins with a spam message sent through social networking websites such as Facebook, Twitter or MySpace. The spam has a catchy message with a video link. Koobface can also send messages to the inboxes of the user’s friends on the same social network. Once the user clicks on the link, they are redirected to a look-alike YouTube website which requires the user to install an executable (.EXE) file in order to watch the video. The downloaded file is malicious and infects the computer.
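
The chain described above (a link clicked on a social network, a landing page that is not the real video site, then an .EXE download from that same host) can be looked for in web proxy logs. The following is an added example, not part of the original post: the log format, host names, sample lines and the 300-second window are all constructed assumptions.

```python
from urllib.parse import urlparse

SOCIAL = ("facebook.com", "twitter.com", "myspace.com")  # sites named in the post
GENUINE_VIDEO = ("youtube.com",)                         # the site being imitated
WINDOW = 300  # assumed max seconds between the click and the download

# Constructed proxy log: epoch seconds, client IP, requested URL, Referer.
SAMPLE_LOG = """\
1000 10.0.0.5 http://video-yuotube.example/watch?v=1 http://www.facebook.com/inbox
1020 10.0.0.5 http://video-yuotube.example/setup.exe http://video-yuotube.example/watch?v=1
1100 10.0.0.7 http://www.youtube.com/watch?v=2 http://twitter.com/home
1130 10.0.0.8 http://downloads.example/tool.exe -
5000 10.0.0.9 http://clips.example/v http://www.myspace.com/mail
9000 10.0.0.9 http://clips.example/codec.exe http://clips.example/v
"""

def host(url):
    """Lower-cased host name of a URL, or '' when there is none (e.g. '-')."""
    return (urlparse(url).hostname or "").lower()

def in_domains(h, domains):
    """True if host h is one of the domains or a subdomain of one."""
    return any(h == d or h.endswith("." + d) for d in domains)

def find_suspicious_downloads(log_text):
    """Return (client, url) for .exe downloads from a host that the same
    client reached from a social network link within WINDOW seconds."""
    landed = {}  # (client, landing host) -> time of the click from a social site
    alerts = []
    for line in log_text.splitlines():
        ts, client, url, referer = line.split()
        ts, h = int(ts), host(url)
        # Step 1: click from a social site to a host that is neither social nor the real video site.
        if in_domains(host(referer), SOCIAL) and not in_domains(h, SOCIAL + GENUINE_VIDEO):
            landed[(client, h)] = ts
        # Step 2: executable fetched from that same landing host shortly afterwards.
        if urlparse(url).path.lower().endswith(".exe"):
            clicked = landed.get((client, h))
            if clicked is not None and ts - clicked <= WINDOW:
                alerts.append((client, url))
    return alerts

if __name__ == "__main__":
    for client, url in find_suspicious_downloads(SAMPLE_LOG):
        print(f"ALERT {client} fetched {url} after a social network link")
```

On the sample log only the first client is flagged: the genuine YouTube visit, the unrelated download with no referrer, and the download that happens long after the click are all ignored.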

Koobface makes clever use of the link-sharing behaviour that is often seen among social-networking site users. Moreover, Koobface is very modular, so simply adding a propagation component can make it target other social networks. This makes it a real threat, since extending the malware to other social networks is very easy and quick to implement.

It has been about one year since its “launch” and Koobface is still successfully extending its reach across networks. It is looked upon as a role model for a new generation of malware.
