McAfee report goofed Koobface infection rates

By

Repackaged binaries threw off statistics.

McAfee had incorrectly reported that the Koobface worm, best known for its rampage through Facebook and MySpace, was increasing.

McAfee report goofed Koobface infection rates

The error was contained in its first-quarter threat report and occurred because McAfee thought instances where the worm's code was packaged into other binary files and malware were unique samples of Koobface.

"Besides the number of changes made to a malware's code base, sample counts can also be influenced by repacking of the same underlying code (a common evasion tactic used by malware distributors), garbage data or junk instructions added to binaries, and other forms of server or client polymorphisms (such as self-modifying code or web server scripts that result in a unique binary being served with each download)," McAfee researcher Craig Schmugar said. 

"These factors led to our Koobface statistics being off by a large margin."

He said Koobface was continuing to decline since Facebook outed the group behind the threat 18 months ago.

This article originally appeared at scmagazineus.com

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, US edition
Tags:

Most Read Articles

CBA using facial recognition logins to verify disputed payments

CBA using facial recognition logins to verify disputed payments

Qantas contacted by "potential cyber criminal"

Qantas contacted by "potential cyber criminal"

SA Power Networks tackles IAM, cloud security under five-year strategy

SA Power Networks tackles IAM, cloud security under five-year strategy

Qantas facing 'significant' data theft after cyber attack

Qantas facing 'significant' data theft after cyber attack

Log In

  |  Forgot your password?