The gang behind the Koobface worm has been hard at work in releasing the next iteration of their worm. We’ve already identified over 60 active domains spreading the content through the usual method of posting a message linking to a “CooooL Video” on Facebook.
Sample malspam:
After clicking the link, the victims are automatically redirected to a Koobface controlled server, which then routes the them off to a fake codec site specifically designed for the social network they came from.
Fake codec site:
The Koobface gang uses the same old “Flash Player upgrade required” tactic to trick users into opening the executable, which then ultimately transforms their machine into a distribution point for the infection to further propagate.
Koobface connection log:
On infection, the Koobface worm immediately attempts to download three additional exectuable files.
After turning the victims computer into its next distribution point, it also attempts to monetize by installing “Total Security” Rogueware.
Panda Security specializes in the development of endpoint security products and is part of the WatchGuard portfolio of IT security solutions. Initially focused on the development of antivirus software, the company has since expanded its line of business to advanced cyber-security services with technology for preventing cyber-crime.
