Koobface begins Christmas campaign

The Koobface worm has begun to target Facebook users with fake messages relating to Christmas.

Symantec's senior security response manager Hon Lau claimed that his team has detected the latest campaign, which involves posting messages on Facebook profiles that link to either a fake Facebook page or fake video pages. Lau said that the postings are variations in spelling to a message that reads ‘I can't fall asleep after viewing this video. I haven't seen anything like this'.

Each message contains a link that, when clicked, will bring users to a Facebook page or open up a video page containing a Christmas-themed video. A file named setup.exe is then offered, which may come in the form of a Flash Player upgrade or a free anti-virus that proposes to protect users from Koobface.

Websense Security Labs claimed that the file is currently detected by 16 out of 41 anti-virus products, according to VirusTotal.

It said that the Facebook link is from a compromised site in Switzerland and if the user runs the infected file, the worm will automatically log in to their Facebook, MySpace, and several other social networking sites and send messages to all their friends. 

See original article on scmagazineuk.com