McAfee report goofed Koobface infection rates

By on
McAfee report goofed Koobface infection rates

Repackaged binaries threw off statistics.

McAfee had incorrectly reported that the Koobface worm, best known for its rampage through Facebook and MySpace, was increasing.

The error was contained in its first-quarter threat report and occurred because McAfee thought instances where the worm's code was packaged into other binary files and malware were unique samples of Koobface.

"Besides the number of changes made to a malware's code base, sample counts can also be influenced by repacking of the same underlying code (a common evasion tactic used by malware distributors), garbage data or junk instructions added to binaries, and other forms of server or client polymorphisms (such as self-modifying code or web server scripts that result in a unique binary being served with each download)," McAfee researcher Craig Schmugar said. 

"These factors led to our Koobface statistics being off by a large margin."

He said Koobface was continuing to decline since Facebook outed the group behind the threat 18 months ago.

This article originally appeared at scmagazineus.com

Copyright © SC Magazine, US edition
Tags:

Most Read Articles

Log In

Username:
Password:
|  Forgot your password?