FIRST LINE OF DEFENSE - YOUR WEEKLY SECURITY UPDATE FROM TRENDLABS

The changing face of KOOBFACE

A new TrendLabs study has discovered that KOOBFACE now has a dedicated FAKEAV component. Read on to learn what this combination of two of the most persistent threats today could mean to you.

Many people have heard about KOOBFACE malware propagating through social networking sites such as Facebook, MySpace, and Twitter. What is not common knowledge is that KOOBFACE has been known to install rogue AV onto victims' PCs¹.

Another TrendLabs discovery

A recent TrendLabs study has found that the KOOBFACE botnet has a dedicated FAKEAV component, which could be the reason why some rogue AV applications arrive as fake codecs downloaded via links spammed in social networking sites.

Several KOOBFACE variants have recently been detected in the huge mass of social networking and micro-blogging sites on the Web, their popularity making them the cybercriminals' favourite target today.

It is not surprising, therefore, that cybercriminals looking to profit from selling rogue AV are leveraging KOOBFACE's notoriety to further their cause.

Arguably two of the most persistent threats today, KOOBFACE and FAKEAV were prominent features of last year's threat landscape and are still going strong, infecting more and more users each day.

The plague of networking sites

KOOBFACE has terrorized social networking site users across the globe, plaguing well-known favourites such as Facebook, MySpace, and Twitter. Having evolved from being a worm targeting Facebook alone into a cross-platform botnet, it is continuously upgrading and enhancing its components.

Ryan Flores, Trend Micro Advanced Threats Researcher² says, “Although the KOOBFACE botnet is not as large and widespread as Storm and WALEDAC in their heydays, the former is revolutionary in that it is the first Web 2.0 threat to enjoy continuous success, which is significant at a time when social networking sites reign supreme.”

It is clear that as long as social networking sites exist, cybercriminals will continue to foist their malicious wares on users, preying on their trust and need to communicate with friends and loved ones. And as long as there are hordes of people flocking to sites where links to rogue AV download sites can be spammed, malware creators are sure to follow.

To read more about KOOBFACE, visit the white papers section of TrendWatch, where two in-depth reports can be found:

For advice on staying secure while enjoying the opportunities provided by social networking, read: Security Guide to Social Networks.

¹ Pick Your Poison: KOOBFACE or FAKEAV?
² The Real Face of KOOBFACE
