Koobface has been busy. Activities associated with the worm have increased during the month of December. Often the activity is sending traffic to compromised servers to obtain more servers. Other times it uses those compromised servers to proxy users to malicious domains that distribute more malware or take control of the infected machines.

This morning we noticed a trend: some of the domain-based locations are making use of the holiday theme. This has included everything from “presents for your pets” to “festive holiday trees.” These are domains that appear legitimate but are not. In fact, many of the domains were legitimate at one point but are now are serving a different purpose.

When users go to these these happy holiday sites, they are greeted by having files downloaded to their computers. Then they receive the gift of holiday identity theft!

We have monitored the progress of this attack and its spread throughout the day. Based upon past trends we expect it to continue to evolve and find new servers and methods with similar associations over the next few weeks.

Stay updated and safe over the holidays!