Facebook Worm ‘Koobface’ Morphs Into New Form


Koobface, the Facebook worm that takes over computers by spreading through the social network, is back in a new form. The newly tweaked Facebook worm works like its predecessor, only with an updated look and code that might not be caught as quickly.

Facebook Worm 2.0

Koobface tricks you into following a link that looks like it’s from a friend. It’ll usually look like a link to a video of someone you know. Once you open the link, though, you’ll be told you need to download an update to your video player. That update is actually the Facebook worm threat in disguise.

The new variant, discovered by researchers at Trend Micro, poses as a YouTube page. It’ll even display your name and photo from Facebook to give a nonthreatening appearance to unsuspecting users.

Facebook-Aided Virus Spread

Once you agree to install the software it offers, the Koobface worm will take over your computer and hijack your Facebook account. It’ll then live up to its Facebook virus reputation by sending messages to your friends and attempting to infect them.

“It also sends and receives information from an infected machine by connecting to several servers,” says Trend Micro’s Rik Ferguson. “This allows hackers to execute commands on the affected machine.”

The new Koobface virus has also been detected on several other social networks, including MySpace, Bebo, Friendster, Hi5, and Live Journal.

Koobface Protection

Keeping yourself safe from Koobface is simple: Be very cautious of what you click. Even if something appears to have come from a friend, remember that their account could be infected and the message may not actually be from them. Make sure you know where you’re going before you click.

Once you do follow a link, never install software updates directly from that page. If you receive a notice that you need an update for your Adobe Flash player, navigate directly to adobe.com and look for the update at the original source. That’s the safest way to know you’re getting the real deal, and not a Facebook worm in disguise.