'Koobface' virus resurfaces on networking sites

CIOL Bureau
Updated On
New Update

BANGALORE, INDIA: Is the virus called 'Koobface' that surfaced on the Internet in December 2008, making a comeback?


According to Rik Ferguson, a researcher with computer security software maker Trend Micro, a new variant of Koobface has resurfaced on many social networking sites. He said he detected this after investigating a Facebook message.

Though the message appeared to have come from someone on his friends list, it directed Rik to a spoofed YouTube site, he reported on the company's Web site last week.

The latest version of the virus arrives as an invitation from a user's contact, inviting the recipient to click on a link and view a video at a counterfeit YouTube site. Visitors are told they need to install an Adobe Flash plug-in to view the so-called video.


The bogus plug-in instead installs a Trojan horse program that gives the makers of Koobface control over the infected user's computer, according to Rik.

“Clicking the Install button redirects to a download site for the file setup.exe which is the new Koobface variant detected as WORM_KOOBFACE.AZ. It is hosted on an IP address in another part of the world, and in the last hour, we’ve seen 300+ different unique IP addresses hosting setup.exe and we’re expecting more,” he said.

Analysis by Trend Micro engineers reveal that WORM_KOOBFACE.AZ propagates through many social networking sites like,,,,,,,,,