Koobface Still Making Rounds On Twitter - NBC Right Now/KNDO/KNDU Tri-Cities, Yakima, WA |

Koobface still making rounds on Twitter

Posted: Updated:
Koobface still making rounds on Twitter 

Several security firms are reporting a noticeable rise in the amount of traffic on Twitter that leads users to pages hosting a variant of the Koobface family of Malware. Koobface, known previously for targeting userson Facebook, now linked to various tweets pointing to malicious videos, jumped in volume earlier this month according to one security firm. 

Kaspersky, earlier this month reported that the number of Koobface samples detected jumped from 324 in May to nearly 1000 by the end of June. The first weekend of July, the total samples discovered moving about online broke the 1000 mark, and officially took aim at something other than Facebook when it appeared on Twitter.

The Tweets linking to Koobface on Twitter are the average "look at my video" sort. The tweets offer a link to what appears to be a YouTube page, and the user is asked to load a video codec before the movie will play. The codec, which is in reality Koobface, is served up from a variety of sources thanks to crafty scripting by the Malware authors.   "The script calls a php-script on a server which uses an ID to return an IP address leading to the video site. This means the IP address is different for every request. Interestingly, the guys behind this attack are clearly out to maximize their ROI: if you're using Mac or Linux, you end up getting redirected to an adult site," wrote Marco in Kaspersky's Analyst's Diary.   Twitter has reacted swiftly to the rush of Malicious Tweets, "Some users' PCs have been infected with a variant of the Koobface malware. This malware sends bogus tweets when the user logs into Twitter. We are currently suspending all accounts that we detect sending such bogus tweets. If we suspend your account, we will send you an email notifying you of the suspension. This email also includes tips for removing the malware from your PC," a status update on for Twitter dated July 9, reads.  

Social networking is a popular target for criminals who want to spread Malware, because of how well users are connected. Trusting messages from someone you know on any given social networking service is commonplace, and the criminals know that this is easily exploited. The fact that the Twitter attacks instantly send messages thanks to the Koobface variant is a prime example of this type of exploitation. 

"The appearance of Koobface on Twitter is a logical move for cybercriminals," said Dave Marcus, director of security research and communications from McAfee's Avert Labs. "Twitter users should be wary of fake tweets, as users of email have had to become aware of spam." 

Several security firms are reporting a noticeable rise in the amount of traffic on Twitter that leads users to pages hosting a variant of the Koobface family of Malware. Koobface, known previously for targeting userson Facebook , now linked to various tweets pointing to malicious videos, jumped in volume earlier this month according to one security firm. Kaspersky, earlier this month reported that the number of Koobface samples detected jumped from 324 in May to nearly 1000 by the end of June. The first weekend of July, the total samples discovered moving about online broke the 1000 mark, and officially took aim at something other than Facebook when it appeared on Twitter. The Tweets linking to Koobface on Twitter are the average "look at my video" sort. The tweets offer a link to what appears to be a YouTube page, and the user is asked to load a video codec before the movie will play. The codec, which is in reality Koobface, is served up from a variety of sources thanks to crafty scripting by the Malware authors.   "The script calls a php-script on a server which uses an ID to return an IP address leading to the video site. This means the IP address is different for every request. Interestingly, the guys behind this attack are clearly out to maximize their ROI: if you're using Mac or Linux , you end up getting redirected to an adult site," wrote Marco in Kaspersky's Analyst's Diary.   Twitter has reacted swiftly to the rush of Malicious Tweets, "Some users' PCs have been infected with a variant of the Koobface malware. This malware sends bogus tweets when the user logs into Twitter. We are currently suspending all accounts that we detect sending such bogus tweets. If we suspend your account, we will send you an email notifying you of the suspension. This email also includes tips for removing the malware from your PC," a status update on for Twitter dated July 9, reads.   Social networking is a popular target for criminals who want to spread Malware, because of how well users are connected. Trusting messages from someone you know on any given social networking service is commonplace, and the criminals know that this is easily exploited. The fact that the Twitter attacks instantly send messages thanks to the Koobface variant is a prime example of this type of exploitation. "The appearance of Koobface on Twitter is a logical move for cybercriminals," said Dave Marcus, director of security research and communications from McAfee's Avert Labs. "Twitter users should be wary of fake tweets, as users of email have had to become aware of spam."

by Steve Ragan - Jul 15 2009, 17:24
www.thetechherald.com
HD DOPPLER 6i
/