Bah Humbug: Koobface Worm Hits Facebook, Again
Latest version of the Koobface worm is being spread through a bogus Christmas greeting card video on the social networking site.
Facebook users this week found out the hard way that 'tis the season to have your computer rendered useless by the latest variant of the infamous Koobface worm.
According to Panda Security, Koobface.GK is worming its way through the popular social networking site via postings of malicious links on Facebook wall pages.
PandaLabs researchers said the links take Facebook users to a bogus embedded video player that promises a warm and fuzzy Christmas greeting.
Instead of dancing elves or a soothing rendition of "White Christmas," users who click on the links are infected by the worm which, in turn, presents a CAPTCHA image that threatens to reboot the user's computer.
While nothing actually happens once the three minutes expire, PandaLabs researchers say the computer is rendered useless. Worse, every time a user enters the CAPTCHA text, Koobface.GK registers a new domain where the infection files are hosted and then distributed to more Facebook users.
In October, Facebook was hit by a similar CAPTCHA-related spyware scam, one of dozens of malware and phishing attacks that have plagued Facebook and its 350 million-plus registered users in the past year.
In 2008, several Koobface worm variants wreaked havoc on Facebook during a series of attacks throughout the summer and fall.
"Social networks have become one of the popular entry points used by hackers to spread their creations, due to the false sense of security many users have regarding the content published on these networks," PandaLabs Technical Director Luis Corrons said in a statement. "Users generally trust the messages and content they receive, and consequently hackers get a high level of response through these channels."
PandaLabs researchers say that while the infected machines are shut down, the operating system isn't crippled to the point where it requires a clean system installation.
Malware attacks traditionally escalate during the holiday season, researchers say, as cyber crooks attempt to take advantage of people -- particularly those who only infrequently use the Internet to socialize -- looking to send holiday messages to friends and family.
In 2002, the ZafilD worm used Christmas greetings as a lure to download trojans. In 2005, MerryX.A infected users' machines with a trojan disguised as a Christmas greeting with an attachment. And in 2007, the Navidad worm and its variants tried a sneak attack on Spanish-speaking users.
Last month, thousands of Facebook groups were hijacked by an organization called Control Your Info in its unorthodox effort to draw attention to security vulnerabilities on the social networking site.
PandaLabs advised users to avoid clicking on suspicious links and attachments, particularly those contained in unsolicited e-mails.
Larry Barrett is a senior editor at InternetNews.com. Based in Las Vegas, Larry covers IT management, enterprise software, services and security.