Computer Security Research - McAfee Labs Blog

Koobface Worm Turns Toward Twitter

Monday July 13, 2009 at 9:22 am CST
Posted by Arun Pradeep

McAfee Avert Labs has received a new variant of the Koobface worm. Unlike the previous variants, this one spreads using Twitter by sending fake tweets.

These fake tweets contain links to a video; some of these videos are named “My home video.” When users click these links they are prompted to install a video codec. However, upon following the instructions it actually downloads a variant of the Koobface worm and installs it.

At McAfee we detect this variant as W32/Koobface.worm.gen.e and W32/Koobface.worm.gen.h. The detection for this variant will be available to the public in today’s release (DAT 5675).

This entry was posted on Monday, July 13th, 2009 at 09:22 and is filed under Spam and Phishing, Web and Internet Safety. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

6 Responses to “Koobface Worm Turns Toward Twitter”

McAfee Warns Of KoobFace Worm On Twitter Says:
July 13th, 2009 at 14:16
[...] McAfee Avert Labs Blog just announced that the Koobface worm has reached Twitter. Appearantly, users are sent fake tweets with a video link and once they click on that they are prompted to download a video codec. However, instead of downloading a video codec, the malware is downloaded to the hard drive. These variants have been detected as W32/Koobface.worm.gen.e and W32/Koobface.worm.gen.h by McAfee. [...]
McAfee warns of KoobFace Worm On Twitter | Software PC Tips | PC will easy when you read that blog Says:
July 13th, 2009 at 17:00
[...] McAfee Avert Labs Blog just announced that the Koobface worm has reached Twitter. Appearantly, users are sent fake tweets with a video link and once they click on that they are prompted to download a video codec. However, instead of downloading a video codec, the malware is downloaded to the hard drive. These variants have been detected as W32/Koobface.worm.gen.e and W32/Koobface.worm.gen.h by McAfee. [...]
Austin Cheney Says:
July 15th, 2009 at 01:14
It seems such worms could be easily diffused if their ability to multiply is challenged by an adjustment in client-side scripting practices. I have written the SAFE Model for exactly these types of cases:

http://www.ietf.org/internet-drafts/draft-cheney-safe-00.txt
The Shortening, Part Deux: URL Shortener Security Fail Says:
July 17th, 2009 at 08:01
[...] can avoid these scams altogether….” “According to alerts from anti-virus vendors McAfee, Symantec and Trend Micro, the latest to abuse these services is the Koobface worm, which targets [...]
Computer Security Research - McAfee Avert Labs Blog Says:
July 20th, 2009 at 20:04
[...] malware using the “you-need-a-video-player” technique that has been repeatedly used in similar attempts in the past. Using this method, the user is often enticed to an attractive video but must install a [...]
Malware From Celebrity Video « iLookBothWays Says:
October 21st, 2009 at 23:25
[...] malware using the “you need a video player” technique that has been repeatedly used in similar attempts in the past. Using this method, the user is often enticed to an attractive video but must install a [...]

Koobface Worm Turns Toward Twitter

6 Responses to “Koobface Worm Turns Toward Twitter”

Leave a Reply

Archives

Categories