Koobface, an anagram of Facebook, is a computer worm that targets the users of the social networking websites Facebook, MySpace, hi5, Bebo, Friendster and Twitter. Koobface ultimately attempts, upon successful infection, to gather sensitive information from the victims such as credit card numbers. It was first detected in December 2008 and a more potent version appeared in March 2009.
Koobface spreads by delivering Facebook messages to people who are 'friends' of a Facebook user whose computer has already been infected. Upon receipt, the message directs the recipients to a third-party website, where they are prompted to download what is purported to be an update of the Adobe Flash player. If they download and execute the file, Koobface is able to infect their system. It can then commandeer the computer's search engine use and direct it to contaminated websites.
Among the components downloaded by Koobface are a DNS filter program that blocks access to well known security websites and a proxy tool that enables the attackers to abuse the infected PC.
Several variants of the worm have been identified:
Net-Worm.Win32.Koobface.a, which attacks MySpace
Net-Worm.Win32.Koobface.b, which attacks Facebook.
WORM_KOOBFACE.DC, which attacks Twitter.
W32/Koobfa-Gen, which attacks Facebook, MySpace, hi5, Bebo, Friendster, myYearbook, Tagged, Netlog, Badoo and fubar.
The Windows operating system is currently the only operating system affected by this worm. Microsoft's Malicious Software Removal Tool, an antivirus program released to Windows Update twice a month, removes Koobface and other viruses/spyware, and cleaned over 800,000 computers of Koobface and similar threats
