created over 4 years ago | Tagged:
Facebook users beware! Yet another rogue app has taken the popular social-networking site by storm. The new rogue app it’s a new variant of spreading the Koobface worm, said security firm Trend Micro. The Koobface worm was unleashed last year and since then it tricked countless users into downloading the worm through bogus video links allegedly sent from friends’ profiles.
First you receive a message with a link and a spoofed version of YouTube. The message is supposedly from one of your friends in your Facebook contacts list. When you click the link, you’ll be taken to a site that supposedly hosts video footage of you or a celebrity. You’ll be encouraged to download an updated version of the Adobe Flash Player plug-in. By clicking install, you’ll be directed to a download site for the malicious file setup.exe which in this case is the Koobface variant known as WORM.KOOBFACE.AZ, hosted by a foreign IP address. The Koobface worm then connects to a site by using login credentials from your gathered cookies. It scans your friend’s list and sends messages with a link and a copy of the worm. Once your PC or Mac is infected, the work records keystrokes and steals login and other sensitive information and sends it to a server.
Rogue apps are swarming Facebook. Another one of these apps – recently tracked down by Trend Micro – displays a message that says "Closing Down! You reported them for violating their terms and policies," and after users install the application it spasm itself to the infected users’ friends. Other messages usually read: "Error Check System" or "F a c e b o o k - closing down!!!" Clicking on these notifications means you just sent the same message to your entire friends list.