OMG, 'Koobface' worm gets up in the grill of Facebook and MySpace fans

This article was published in Scientific American’s former blog network and reflects the views of the author, not necessarily those of Scientific American

The "Koobface" software worm tormenting Facebook and MySpace users is still going strong, prompting them to download bogus software that infects their computers, sends spam out to their friends and allows hackers to redirect their Web searches.

The worm is activated when a person logs into his or her Facebook or MySpace account, creating and sending spam messages to listed friends via the Facebook or MySpace sites. The messages and comments include sophisticated fare such as "Paris Hilton Tosses Dwarf On The Street" and "My friend catched [sic] you on hidden cam" as well as a purported link to a video of the advertised content, according to security software maker Kaspersky Lab, based in Woburn, Mass. Clicking on that link delivers a message telling the user to download the latest version of Flash Player.

Instead of getting the latest player, though, the user gets software that spies on their actions, scanning all HTTP traffic, "in particular looking for traffic to Google, Yahoo!, MSN, and Live.com for the purpose of hijacking search results," Craig Schmugar, a security researcher for antivirus maker McAfee, Inc., wrote earlier this week on his blog. Translation: the user's Web traffic is diverted to other Web sites to pad those sites' traffic figures.

The outbreak has prompted a Facebook discussion thread, started August 24, in which 194 users relate their experiences with Koobface. A user named Erin today posted to the thread stating that she was hit by the worm, "and I am HORRIFIED! It says something about seeing you posing naked and has some geocities link..."

User "Dale" described how the worm works. He wrote that he received a message from a Facebook friend saying, "I saw this video of you etc. It diverted me to a site that looked like youtube. It then stated my video player was out of date and to upgrade it. The moment I did and installed the file, FB began automatically sending messgaes [sic] to my contacts before my eyes."

Kaspersky in July reported having found two variants of the Koobface worm, Net-Worm.Win32.Koobface.a and Net-Worm.Win32.Koobface.b, which attack MySpace and Facebook, respectively. The threat, Kaspersky reported, was that the worm could unleash malicious software that allowed a hacker to take remote control of your PC, turning it into a "zombie" and using it as a launching point to attack other computers.

Facebook says on its site that it is helping users deal with Koobface and phishing sites. Its advice: users should scan their computers for viruses and reset their passwords if their Facebook accounts were recently used to spit out spam.

Facebook rep Barry Schnitt told CNET that "only a very small percentage of Facebook users have been affected" and that the company is updating security to limit damage and block future breaches.

This attack comes just weeks after a federal court ordered Canadian spammer Adam Guerbuez to pay Facebook $873 million for falsely obtaining login information for Facebook users and then sending spam to those users' friends.

Larry Greenemeier is the associate editor of technology for Scientific American, covering a variety of tech-related topics, including biotech, computers, military tech, nanotech and robots.