Nefarious Koobface worm rears its ugly head on Facebook

Posted by Aharon Etengoff

The nefarious Koobface worm of digital yore has made a dangerous comeback by rearing its ugly head on Facebook.

"In this particular campaign, the worm spreads across social networks [via] messages claiming to be about hidden cameras showing erotic encounters. The message is sent from the infected machine to each of the owner's contacts and the link redirects to Web sites called 'Video posted by Hidden Camera,'" explained a post on ESET's Threat Blog.

"A pop-up at this site tells the user that he needs to download what is supposed to be a video codec, in order to look at the video. [However], the offered file isn't any sort of Flash codec, but the Koobface executable. If the user downloads and runs it, his system will become infected."

According to ESET, one notable feature of the above-mentioned attack is that the malicious download only works the first time a victim accesses the site. 

"Subsequent attempts generate what looks like a 404 error (Page Not Found). Attackers do this to hamper the work of security researchers, so that it becomes more difficult to analyze subsequent differing versions of the malicious code.

"All the domain names seen to date are in the format http://[IP address]:[port]/[random numbers and letters]/."
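For defenders, the two traits ESET describes (the URL format and the payload being served only on the first visit) can be checked against web proxy logs. The following is an added example, not code from ESET or from this article; the three-field log layout, the sample lines and the rule that the path segment must mix letters and digits are all assumptions made for illustration.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed sample proxy log lines, assumed layout: "<client> <status> <url>"
SAMPLE_LOG = """\
10.0.0.5 200 http://203.0.113.7:8080/a9f3k2q1/
10.0.0.5 404 http://203.0.113.7:8080/a9f3k2q1/
10.0.0.8 200 http://www.example.com/videos/latest/
10.0.0.9 200 http://198.51.100.20/index.html
10.0.0.9 200 http://198.51.100.4:81/x7b2m9c4d/
"""

# Assumption: "random numbers and letters" means one alphanumeric
# segment containing at least one letter and at least one digit.
SEGMENT = re.compile(r"^(?=.*[a-z])(?=.*\d)[a-z0-9]+$", re.I)

def matches_format(url):
    """True for http://[IP address]:[port]/[random numbers and letters]/"""
    parts = urlsplit(url)
    if parts.scheme != "http":
        return False
    try:
        ipaddress.ip_address(parts.hostname or "")  # host must be a raw IP
        port = parts.port                           # raises on a malformed port
    except ValueError:
        return False
    if port is None:                                # port must be explicit
        return False
    segs = [s for s in parts.path.split("/") if s]
    return (len(segs) == 1 and parts.path.endswith("/")
            and bool(SEGMENT.match(segs[0])))

def scan(log_text):
    """Return {(client, url): verdict} for requests matching the format."""
    seen = {}
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) == 3 and matches_format(fields[2]):
            client, status, url = fields
            seen.setdefault((client, url), []).append(status)
    findings = {}
    for key, statuses in seen.items():
        # First request succeeded, a later one returned 404: the
        # "only works the first time" behaviour described in the post.
        once = statuses[0] == "200" and "404" in statuses[1:]
        findings[key] = "format+one-time-serve" if once else "format-only"
    return findings

if __name__ == "__main__":
    for (client, url), verdict in scan(SAMPLE_LOG).items():
        print(client, url, verdict)
```

A "format-only" hit is a weak signal on its own, since legitimate services are sometimes reached by IP address and port; the 200-then-404 sequence for the same client and URL is the stronger indicator.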