Koobface Rampages on Twitter

Security researchers warn that Koobface, the most successful social networking worm to date, has increased its activity on Twitter, to the extent that the website's administration saw it fit to issue an alert via its status page. The staff has also began to suspend the affected accounts and send out notifications to their respective owners.

Koobface is an infamous computer worm that spreads on social networking websites. It was originally launched on MySpace, but its subsequent variants started targeting Facebook, Bebo, Friendster, hi5, Tagged, and others. Once installed on a computer, the worm monitors browsing sessions and hijacks social networking accounts in order to propagate itself.

It uses the compromised accounts to send out links to malicious web pages, generally promoting fake videos that, when clicked, prompt users to download an alleged Flash player update. This executable file is, in fact, the worm installer, which is constantly modified, in order to avoid detection.

A new Koobface started targeting Twitter just a few weeks ago, but, at the beginning, its activity was rather modest. Malware analysts from Trend Micro noted at the time that only three shortened URLs were being used.

However, that is no longer the case, with the worm becoming much more aggressive. "There are a couple of hunded [sic.] Twitter users affected by Koobface in the past few hours, but dozens more are being infected as we speak," Trend Micro specialists warned on July 9. The number of malicious URLs has also significantly increased.

Soon after, Twitter issued an alert via its status page, which confirmed the malicious activity and outlined its efforts to contain it. "We are currently suspending all accounts that we detect sending such bogus tweets. If we suspend your account, we will send you an email notifying you of the suspension. This email also includes tips for removing the malware from your PC," the announcement read.

Most antivirus programs should be able to detect this new Koobface variant, so users are advised to keep their definitions up-to-date. Additionally, exercising extra caution when visiting links posted on any social networking website is always recommended. "Obviously, we do not recommend clicking on the links, and you should know by now that virus writers have frequently disguised their malware behind video disguises," Graham Cluley, senior technology consultant at Sophos, noted.