BANGALORE, INDIA: Is the virus called 'Koobface' that surfaced on the Internet in December 2008, making a comeback?
According to Rik Ferguson, a researcher with computer security software maker Trend Micro, a new variant of Koobface has resurfaced on many social networking sites. He said he detected this after investigating a Facebook message.
Though the message appeared to have come from someone on his friends list, it directed Rik to a spoofed YouTube site, he reported on the company's Web site last week.
The latest version of the virus arrives as an invitation from a user's contact, inviting the recipient to click on a link and view a video at a counterfeit YouTube site. Visitors are told they need to install an Adobe Flash plug-in to view the so-called video.
The bogus plug-in instead installs a Trojan horse program that gives the makers of Koobface control over the infected user's computer, according to Rik.
“Clicking the Install button redirects to a download site for the file setup.exe which is the new Koobface variant detected as WORM_KOOBFACE.AZ. It is hosted on an IP address in another part of the world, and in the last hour, we’ve seen 300+ different unique IP addresses hosting setup.exe and we’re expecting more,” he said.
Analysis by Trend Micro engineers reveal that WORM_KOOBFACE.AZ propagates through many social networking sites like facebook.com, hi5.com, friendster.com, myyearbook.com, myspace.com, bebo.com, tagged.com, netlog.com, fubar.com, livejournal.com.