A new variant of the Koobface worm was making the rounds today on Facebook. This is particularly bad news. Most of the Facebook scams we report on do not infect your computer with malware; they simply make money from getting people to fill out surveys and send spam to other Facebook users.
An alert Naked Security reader, George, sent us a tip that he had received a suspicious Facebook chat message from a friend asking him to view a photo album. George is an experienced computer professional and immediately thought it might be fraud.
It’s very likely that George’s friend was infected with Koobface, as this is a technique Koobface has used for quite some time to trick Facebook users. Koobface is known to use chat and messaging to spread on LinkedIn, Twitter, Bebo, Hi5, Myspace and nearly every other social network with a sizable user base.
The link from the chat pointed to an app.facebook.com/CENSORED link. Typically when you go to a Facebook app page, it prompts you to add the application and grant it permission to post on your behalf or read your profile data. The scary part about this one is that it immediately tries to download a “FacebookPhotos#####.exe” file to your computer, with no prompting or clicking required.

The screen reads “Photo has been moved. This photo has been moved to other location. To view this photo click View Photo.” If your computer has not already downloaded the malware, the “View Photo” button will download the malware for you.
It is really unfortunate that Facebook scams are moving back towards spreading malware. Fortunately, users of Sophos Anti-Virus had proactive protection from this threat with both our HIPS and suspicious file detection technologies. This malware is now identified by Sophos as W32/Koobface-BA.
While I was researching this malware and writing this blog, Facebook removed the malicious application from their service. There are likely many more applications like this one making the rounds, so, as always, beware of unusual messages from friends whether they are in email, on their walls, or in an instant message.
If you’re a Facebook user, I invite you to join our Facebook page, where we post all the latest security news and threats you need to watch out for. We also have a Facebook privacy guide explaining how to navigate the privacy settings, with recommended settings to control your profile.
For those of you who need to educate your users on how to safely use social media sites, you can download our free social media education toolkit.
Full story: Naked Security – Sophos
Posted on 09 January 2011. Tags: Album, chat, Facebook, Messages, Photo, Spreading, worm
I have a problem with a friend who keeps sending me an MSN message at all hours. It's a virus, but I don't know what to tell her so that she can remove it. What do I do? It's something to do with a photo; I think it's a Koobface worm. Please help me, thanks.
I have that problem too; if anyone can help me I would appreciate it. Every time I open the chat it sends it to everyone I have online. Please, I need help.
I’ve got the virus now. What do I do to remove it? The computer I got it on actually belongs to someone else, so the situation is GRAVE. Please give me some help! Thanks.